Smart card error

Similar Messages

• RDS Gateway + Smart Card Error [ The specified user name does not exist.]

  I have the following Windows Server 2008 R2 servers:
  addsdc.contoso.com, AD DS Domain Controller for contoso.com
  adcsca.contoso.com, AD CS Enterprise CA, CDPs/AIAs published externally.
  fileserver.contoso.com, RDS Session Host for Administration enabled
  rdsgateway.contoso.com, RDS Gateway enabled
  tmgserver.contoso.com, 'Publishing' rdsgateway.contoso.com but with pass-through authentication
  And the following Windows 7 PCs:
  internalclient.contoso.com
  externalclient.fabrikam.com
  There's no trust between the domains, the external client is completely separate on the internet but the CA certificate for contoso.com has been installed in the trusted Root CA store. All servers have certificates for secure RDP.
  I enrolled for a custom 'Smart Card Authentication' certificate with Client Authentication and Smart Card Logon EKUs from the CA, stored on my new Gemalto smart card using the Microsoft Base Smart Card CSP.
  From internalclient.contoso.com, I can RDP to fileserver.contoso.com
  using the smart card just fine with no certificate errors.
  From externalclient.fabrikam.com, I can RDP to fileserver.contoso.com
  via rdsgateway.contoso.com using a username and password just fine with no certificate errors.
  From externalclient.fabrikam.com, I can RDP to fileserver.contoso.com
  via rdsgateway.contoso.com using the smart card to authenticate to the gateway, and a username and password to authenticate to the end server, just fine.
  BUT from when using a smart card to authenticate to the end server via the gateway, it fails with:
       The specified user name does not exist. Verify the username and try logging in again. If the problem continues, contact your system administrator or technical support. 
  When I move the client into the internal network and try the connection again (still via the RDS Gateway), it works fine - the only thing I can think of is being outside the network and not being able to contact the AD DS DC for Kerberos is causing the issue
  - but I'm pretty sure this is a supported scenario?
  The smart card works fine internally, the subject of the certificate is the user's common name (John Smith) and the only SAN is
  [email protected] which matches the UPN of the user account as it was auto-enrolled.
  Does anyone have any ideas?

  I had a similar issue where I am using a smart card through a Remote Desktop Gateway. I had to disable Network Level Authentication (NLA) on the destination Remote Desktop Server. If anyone has another way around this, I'd appreciate hearing it. I'd prefer
  to use NLA.

• Error encountered while signing. Windows cryptographic service provider reported an error. Object not found. Error code:2148073489. Windows 7, Adobe Reader XI, Symantec PKI, Smart Card and CAC. I have seen other threads for this error but none have a reso

  Error encountered while signing. Windows cryptographic service provider reported an error. Object not found. Error code:2148073489. Windows 7, Adobe Reader XI, Symantec PKI, Smart Card and CAC. I have seen other threads for this error but none have a resolution. Any help would be appreciated.
  Sorry for the long title, first time poster here.

  This thread is pretty old, are you still having this issue?

• Error while Accessing Smart Card using Open Card Frame Work

  HI
  Using Open Card Frame work I am trying to access GemAlto provided Smart Card (java card). I downloaded the Open Card Frame work from “http://www.openscdp.org/ocf/download.html”.
  I am executing a basic program to access the data stored in smart card.
  public static void main(String[] args)
                      System.out.println("reading smartcard file...");
                      try {
                      SmartCard.start();
                      CardRequest cr = (FileAccessCardService.class);
                      System.out.println("calling waitforCard");
                      SmartCard sc = SmartCard.waitForCard(cr); //Error comes after this line
                      System.out.println("After waitForCard called");
                      FileAccessCardService facs = (FileAccessCardService)
                      sc.getCardService(FileAccessCardService.class, true);
                      CardFile root = new CardFile(facs);
                      CardFile file = new CardFile(root, ":c009");
                      byte[] data = facs.read(file.getPath(), 0,
                      file.getLength() );
                      sc.close();
                      String entry = new String(data);
                      entry = entry.trim();
                      System.out.println(entry);
                      } catch (Exception e) {
                           e.printStackTrace(System.err);
                      System.exit(0);
  The content of the opencard.properties are :
            OpenCard.services = opencard.opt.util.PassThruCardServiceFactory
  OpenCard.terminals = com.ibm.opencard.terminal.pcsc10.Pcsc10CardTerminalFactory
  OpenCard.trace = opencard:5 com.ibm:4 opencard.opt.database:6
  After the line “ SmartCard sc = SmartCard.waitForCard(cr);”
  the program is expecting a card to be inserted but while inserting Smartcard the following error message come :
            calling waitforCard
            [ERROR    ] com.ibm.opencard.terminal.pcsc10.OCFPCSC1.OCFPCSC1.SCardConnect
  --- message
  --- thread Thread[Thread-0,5,main]
  --- source com.ibm.opencard.terminal.pcsc10.OCFPCSC1@2e7263
  [ERROR    ] com.ibm.opencard.terminal.pcsc10.OCFPCSC1.OCFPCSC1.SCardConnect
  --- message Protocol = 0
  --- thread Thread[Thread-0,5,main
  --- source com.ibm.opencard.terminal.pcsc10.OCFPCSC1@2e7263
  Basically the error is coming from the SCardConnect function of OCFPCSC1.cpp file.
  Please reply to my mail id if any body has any idea how to resolve this issue.
  MAIL-ID : [email protected]
  With Regards
  Swarup
  Finacle Archie
  Infosys Technologies Limited,Bhubaneswar,India

  Sounds like an issue that has to do with JavaScript Origin policy. You'll have to use Domain Relaxing for this. Read all about it here:
  http://help.sap.com/saphelp_nw04/helpdata/en/59/87b54064c2742ae10000000a155106/frameset.htm
  here:
  http://help.sap.com/saphelp_nw04/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm
  and here:
  http://help.sap.com/saphelp_nw04/helpdata/en/cb/f8751d8c6b254dac189f4029c76112/frameset.htm

• Remotely login error on windows server 2003 using gemalto smart card

  I am getting this error when trying to log on windows server 2003 remotely using smartcard. We have our own CA. We are able to successfully logon on windows server 2008 using same card.

  Hi,
  Base on my research, Event 537 indicates that a logon attempt was made and rejected for some reason other than those covered by explicit audit records in this category.
  Would you please provide more details?
  Are there any related warnings and errors under Application Logs or System Logs?
  By remotely login, do you mean logon via RDP?
  Here are some related links below for you references:
  Event 537
  http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.0&EvtID=537&EvtSrc=Security&LCID=1033
  Smart Card and Remote Desktop Services
  http://technet.microsoft.com/en-us/library/ff404286(v=WS.10).aspx
  Please get back to us with the necessary information at your earliest convenience.
  Best Regards,
  Amy Wang

• Need advice for an application that restricts access to other applications using a smart card

  Hello everybody,
  I am developing a system that uses a smart card reader attached to a USB port of a PC.
  What the system should provide is:
  When computer boots up and shows the users login screen, a user, previously registered, can use his smart card to access the system, instead of entering his password
  Once the user is logged in, when he tries to launch an application, which has previously marked as "secured", a dialog box is shown indicating that the user has to present his smart card. If the smart card has access to the application, the application
  is launched, otherwise an error message is shown to the user and the application is not executed.
  I develop in C++ and C#. I have already created a library (in Visual C++) that manages the smart card reader and provides the card presented to it.
  Now I am developing the applicastion (in C#) that will configure the security (assigning cards to users and applications).
  Concerning this, I have 2 questions regarding each point above:
  Is it possible to create the centralized application that lists all users and allows to assign cards to them? Then, when the users login screen is shown, the system must access that data before logging in, so that it can check which card was presented and
  what user it corresponds to. I have seen in laptops, that have embedded fingerprint readers, a user must login to his account first and then he can register his fingerprints. In fact, what I need to do is something similar but with smart card reader instead
  of fingerprint reader. So, perhaps, user must login into his account first and then he will be able to add his card and store that information somewhere (in windows registry maybe).
  How can I launch my application when other application is executed but before its interface is actually shown? this is similar to what antivirus programs do, because they check the executable before it is actually ran. What is the best method to address
  the application? by executable file name? process name? or other? if the best is by process name, how can I know the process name without actually running the application?
  Well, that is all what I need to do. Please advice regarding this subject.
  I look forward to hearing from you,
  Best regards,
  Jaime
  Powered by C++

  > what was the guidance?
  1. Research other software that does similar things (not just exactly the same) as you need. If you like something in their solutions, copy it :)
  The only software I know that does that is an antivirus, but I am unlucky to find some code in c++ that allows to intercept the program execution before actually executing it.
  2. If a kernel driver would fit in your solution, go for it (google for what is available for free, or find a consultant to write it for you).
  There are a lot of information about kernel drivers, but the question is, is that really the solution?
  Otherwise, you can just hide the application from user's reach and substitute the executable in shortcuts, etc. to run your program instead.
  Definetly this is not the way to go
  What is the best method to address the application? by executable file name? process name? or other?
  By executable file name, like in the Windows Applocker, I think. Processes do not have names (they are artifact of Task manager and debugging tools, to represent the processes for user somehow). Or, only by the filename part of the full path.
  I agree with that
  if the best is by process name, how can I know the process name without actually running the application?
  When the user runs the application, the driver will detect this and do its magic.
  I have found this page: http://stackoverflow.com/questions/3556048/how-to-detect-win32-process-creation-termination-in-c. They mention WMI, but I will study it tommorow... it is so late for today :-)
  Regards,
  -- pa
  Regards
  Jaime
  Powered by C++

• Problem with Sun PKCS#11 Provider and Ativcard smart card.

  Hi,
  I'm trying to make a signature with a smartcard.
  I have no problem signing with my card in applications such as Microsoft Office, Outlook (they probably use CAPICOM or MS CryptoAPI).
  There is only one certificate on my card with non extractable pair of keys.
  When I`m using Java based application I have the following problem:
  I have Java 1.5.0 installed, and according to the reference guide on:
  http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
  I configured "Sun PKCS#11 Provider".
  In file:
  %JAVA_HOME%/lib/security/java.security I inserted the following lines:
  # Configuration for security providers 1..6 omitted
  security.provider.7=sun.security.pkcs11.SunPKCS11 C:/pkcs11.cfg
  In my case (I`m using ActivCard) The file "C:/pkcs11.cfg" contains:
  name = ActivCard
  library = c:\windows\system32\acpkcs211.dll
  After that I try tu use configured provider with keytool.exe from jsdk.
  In cmdline:
  c:\Program Files\Java\jdk1.5.0_06\bin>keytool.exe -keystore NONE -storetype PKCS11 -list
  Enter keystore password:  1111
  Keystore type: PKCS11
  Keystore provider: SunPKCS11-ActivCard
  Your keystore contains 1 entry
  Cinek's dp ID, keyEntry,
  Certificate fingerprint (MD5): 36:19:DD:01:2E:A2:C5:F6:51:44:03:74:14:D5:62:C0
  So till now everything looks ok. Certificate is accessible.
  But when I trying to use jarsigner.exe to sign something:
  c:\Program Files\Java\jdk1.5.0_06\bin>jarsigner.exe -keystore NONE -storetype PKCS11 D:\Applet.jar "Cinek's dp ID"
  Enter Passphrase for keystore: 1111
  jarsigner error: java.lang.NullPointerException
  I`ve got the java.lang.NullPointerException !
  To find reason of the exception I`ve written simple application, which signs a byte array:
  import java.security.KeyStore;
  import java.security.PrivateKey;
  import java.security.PublicKey;
  import java.security.Signature;
  import java.security.cert.Certificate;
  import java.util.Enumeration;
  public class Main {
       public static void main(String[] args) throws Exception {
            PrivateKey privkey = null;
            char[] pin = { '1', '1', '1', '1' };
            KeyStore smartCardKeyStore = KeyStore.getInstance("PKCS11");
            smartCardKeyStore.load(null, pin);
            Enumeration aliasesEnum = smartCardKeyStore.aliases();
            if (aliasesEnum.hasMoreElements()) {
                 String alias = (String) aliasesEnum.nextElement();
                 privkey = (PrivateKey) smartCardKeyStore.getKey(alias, null);
                 byte[] aDocument = new byte[100];
                 Signature signatureAlgorithm = Signature.getInstance("SHA1withRSA");
                 signatureAlgorithm.initSign(privkey);
                 signatureAlgorithm.update(aDocument);
                 byte[] digitalSignature = signatureAlgorithm.sign();
  When I`ve run this application in last line in method signatureAlgorithm.sign() I got:
  Exception in thread "main" java.lang.NullPointerException
       at java.math.BigInteger.modPow(Unknown Source)
       at sun.security.rsa.RSACore.crtCrypt(Unknown Source)
       at sun.security.rsa.RSACore.rsa(Unknown Source)
       at sun.security.rsa.RSASignature.engineSign(Unknown Source)
       at java.security.Signature$Delegate.engineSign(Unknown Source)
       at java.security.Signature.sign(Unknown Source)
       at Main.main(Main.java:31)
  In debug, before this exception variables are:
  alias= "Cinek's dp ID"
  privkey =
  SunPKCS11-ActivCard RSA private key, 1024 bits (id 192168768, token object, not sensitive, extractable)
    modulus:          112271510887039102410124262012976131016781096451891854145879061791454872222254764386718257162446565027910080375427552248069203548913907633164297672417327888344423061606707834842776634133861005271620794248782338105033496749719965719732501903618453514554701005390412127008091861831421936757053019877456102263703
    public exponent:  65537
    private exponent: null
    prime p:          null
    prime q:          null
    prime exponent p: null
    prime exponent q: null
    crt coefficient:  null
  As you can see, private key has extractable attribute set, what is wrong. Attribute is set and key has no values.
  I think that can be the reason of NullPointerException. (Maybe when extractable = true, sign() methods expects key values filled).
  So, I can not sign anything.
  I tryed to add some additional attributes to file "C:/pkcs11.cfg":
  attributes(*,CKO_PRIVATE_KEY,*) = {
    CKA_EXTRACTABLE = false
  but with no effect. Key was still extractable.
  Can you help me to solve this problem?
  PS. I`m using acpkcs211.dll (v3.2.102.0) as an implementation of PKCS#11. (Activcard says that it is PKCS#11 v2.11 implementation)
  PS2. Sorry for my english

  Can I ask you one question?
  Which driver did you specify? I mean the smarcard reader driver or the smartcard itself driver?
  If the second, does it come along with the card? because as far as I know I just got the smart card but no software at all (apart the smartcard reader driver).
  Can you help me out with this?
  thanks in advance,
  Marco

• Urgent Help on Smart Card

  Hi Friends
  I have a javacard application which write and reads to/from the smartcard.My card supports Javacard 2.2.1 and GP 2.1.1 ,but from my experience it seems no supporting GP( it is not working GPShell sowing 6d00 error and also giving error under mode_211)
  I converted my class file to a cap file .I was using Netbeans.Now i changed to Eclipse (galileo_jee) with Eclipsejcde plugin.I can convert to cap file from eclipse.I use compiler options as :
  Compiler Compliance level 1.3
  Source code compatibility 1.3
  Generated .class file compatibilty 1.1
  We can convert to a cap file through eclipse .I can run GPShell script (Ant script) using Eclipse and load the cap file to the smart card, but when i ran the following script .I am getting 6d00 error .
  So I moved to Smart card shell(SC Shell):
  It contains some javascript function to install the cap file to smart acrd and read some messages from FORUM that some peoples have successfully installed using Smart Card Shell.When i tried to install my cap file it is loading the file to smart card(I am able to see) ,but giving an error message at the end of install method as 6A80.The APDU trace i have pasted next message.Continue....
  Thanks

  Please note : Followed from 1st message...
  00 C: 00 A4 04 00 - SELECT Lc=8
  0005 A0 00 00 00 03 00 00 00 ........
  Le=0
  R: SW1/SW2=9000 (Normal processing: No error) Lr=27
  0000 6F 19 84 08 A0 00 00 00 03 00 00 00 A5 0D 9F 6E o........... ..n
  0010 06 10 01 76 DE 00 05 9F 65 01 7F ...v ...e..
  00 C: 80 50 00 00 - UNKNOWN_INS Lc=8
  0005 C1 A2 EF A2 26 4F 8F 06 &O..
  Le=0
  R: SW1/SW2=9000 (Normal processing: No error) Lr=28
  0000 00 00 71 18 02 02 1D 3D 33 F6 FF 01 6E D2 BC C7 ..q....=3 .nҼ
  0010 4B B3 B9 43 40 2F 7F D2 EB CF 5D FB K C@/. ] 00 C: 84 82 00 00 - UNKNOWN_INS Lc=16
  0005 64 EC 0F 28 6E F8 3A 80 DD B7 4D 8E BA A9 36 09 d .(n :.ݷM. 6.
  R: SW1/SW2=9000 (Normal processing: No error) Lr=0
  00 C: 80 E4 00 00 - UNKNOWN_INS Lc=14
  0005 4F 0C 01 02 03 04 05 06 07 08 09 00 00 01 O.............
  Le=0
  R: SW1/SW2=6A88 (Checking error: Reference data not found) Lr=0
  00 C: 80 E4 00 00 - UNKNOWN_INS Lc=12
  0005 4F 0A 01 02 03 04 05 06 07 08 09 00 O...........
  Le=0
  R: SW1/SW2=9000 (Normal processing: No error) Lr=0
  00 C: 80 E6 02 00 - UNKNOWN_INS Lc=23
  0005 0A 01 02 03 04 05 06 07 08 09 00 08 A0 00 00 00 ................
  0015 03 00 00 00 00 00 00 .......
  Le=0
  R: SW1/SW2=9000 (Normal processing: No error) Lr=0
  00 C: 80 E8 00 00 - UNKNOWN_INS Lc=255
  0005 C4 82 02 9D 01 00 14 DE CA FF ED 01 02 04 00 01 ...... .....
  0015 0A 01 02 03 04 05 06 07 08 09 00 02 00 1F 00 14 ................
  0025 00 1F 00 0F 00 0B 00 3E 00 0E 01 2A 00 0A 00 23 .......>...*...#
  0035 00 00 00 8F 00 02 00 00 00 00 01 01 00 04 00 0B ................
  0045 01 02 01 07 A0 00 00 00 62 01 01 03 00 0F 01 0B ........b.......
  0055 01 02 03 04 05 06 07 08 09 00 00 00 08 06 00 0E ................
  0065 00 80 03 00 FF 00 07 02 00 00 00 1C 01 0D 07 01 .... ...........
  0075 2A 00 01 10 18 8C 00 00 7A 02 30 10 09 90 0B 7F *.......z.0.....
  0085 00 01 8F 00 02 3D 8C 00 03 8B 00 04 7A 02 21 19 .....=......z.!.
  0095 8B 00 05 2D 1A 03 25 10 80 6B 28 1A 04 25 73 00 ...-..%..k(..%s.
  00A5 1B 00 02 00 04 00 0D 00 1B 00 14 18 19 8C 00 06 ................
  00B5 70 17 18 19 8C 00 07 70 10 11 6D 00 8D 00 08 70 p......p..m....p
  00C5 08 11 6E 00 8D 00 08 7A 04 23 19 8B 00 05 2D 1A ..n....z.#....-.
  00D5 05 25 60 08 11 6B 00 8D 00 08 1A 06 25 11 00 FF .%`..k......%..
  00E5 53 32 1F 10 09 6C 08 11 6B 00 8D 00 08 1A 07 25 S2...l..k......%
  00F5 11 00 FF 53 29 04 16 04 10 09 6F 08 11 67 00 .. S).....o..g.
  Le=0
  R: SW1/SW2=9000 (Normal processing: No error) Lr=0
  00 C: 80 E8 00 01 - UNKNOWN_INS Lc=255
  0005 8D 00 08 16 04 61 08 11 67 00 8D 00 08 19 8B 00 .....a..g.......
  0015 09 3B 19 16 04 8B 00 0A 19 7B 00 01 1F 16 04 8B .;.......{......
  0025 00 0B 7A 05 23 19 8B 00 05 2D 1A 05 25 60 08 11 ..z.#....-..%`..
  0035 6B 00 8D 00 08 1A 06 25 11 00 FF 53 32 1F 10 09 k......%.. S2...
  0045 6C 08 11 6B 00 8D 00 08 1A 07 25 11 00 FF 53 29 l..k......%.. S)
  0055 04 16 04 10 09 6F 08 11 67 00 8D 00 08 16 04 61 .....o..g......a
  0065 08 11 67 00 8D 00 08 18 19 8B 00 0C 1A 08 7B 00 ..g...........{.
  0075 01 1F 16 04 8D 00 0D 3B 11 90 00 8D 00 08 7A 02 .......;......z.
  0085 22 19 8B 00 05 2D 1A 07 25 11 00 FF 53 32 1F 19 "....-..%.. S2..
  0095 8B 00 0E 6A 08 11 67 00 8D 00 08 7A 08 00 0A 00 ...j..g....z....
  00A5 02 00 01 00 00 00 00 00 00 05 00 3E 00 0F 06 80 ...........>....
  00B5 03 00 05 00 00 00 01 00 00 00 06 00 00 01 03 80 ................
  00C5 03 01 03 80 0A 01 06 00 00 57 06 00 00 B1 06 80 .........W... ..
  00D5 07 01 03 80 0A 07 03 80 0A 09 03 80 0A 05 03 00 ................
  00E5 00 08 06 80 10 01 03 80 0A 06 09 00 23 00 00 00 ............#...
  00F5 1F 05 0A 03 04 03 07 1D 07 08 08 07 0C 13 15 ...............
  Le=0
  R: SW1/SW2=9000 (Normal processing: No error) Lr=0
  00 C: 80 E8 80 02 - UNKNOWN_INS Lc=163
  0005 0A 04 07 04 06 07 0C 13 15 0A 05 05 06 07 07 0E ................
  0015 08 0B 00 8F 01 00 01 00 00 00 00 01 00 06 FF 08 .............. .
  0025 00 00 00 00 22 FF 82 00 01 00 20 00 05 00 00 00 ...." .... .....
  0035 00 00 09 00 08 00 33 00 12 00 00 00 00 07 01 00 ......3.........
  0045 1C 00 24 00 39 00 00 00 00 FF 02 00 57 00 24 00 ..$.9.... ..W.$.
  0055 58 00 00 00 00 FF 02 00 B1 00 24 00 5A 00 00 00 X.... .. .$.Z...
  0065 00 08 01 01 0D 00 24 00 1B 00 00 00 00 00 0F 00 ......$.........
  0075 20 00 22 FF FF 00 20 00 20 00 22 00 24 00 24 00 ." . . .".$.$.
  0085 28 00 2A 00 28 00 2C 00 24 00 2F 00 2A 01 10 01 (.*.(.,.$./.*...
  0095 B0 06 68 00 A1 02 41 01 40 04 B4 41 06 B4 B4 44 .h. .A.@. A. D
  00A5 04 B4 31 . 1
  Le=0
  R: SW1/SW2=9000 (Normal processing: No error) Lr=0
  00 C: 80 E6 0C 00 - UNKNOWN_INS Lc=42
  0005 0A 01 02 03 04 05 06 07 08 09 00 0B 01 02 03 04 ................
  0015 05 06 07 08 09 00 00 0C 01 02 03 04 05 06 07 08 ................
  0025 09 00 00 01 01 07 02 C9 00 00 ....... ..
  Le=0
  R: SW1/SW2=6A80 (Checking error: Incorrect parameter in the command data field) Lr=0
  Please help me reagrding this.Fighting with this over 1 month.Someone Kindly help me to solve this error.I tried the following:
  1) I have read from some forum that if we replace the import.cap with original import.cap file,it will solve the probs.Eventhough it is not the rite method , i thought i can use it now.My import.cap file will be having the content as below.
  04 00 0b 01 02 01 07 a0 00 00 00 62 01 01 and the original cap file will be having 04 00 0b 01 00 01 07 a0 00 00 00 62 01 01
  2) Checked the applet and package AIDs are same.
  3) Checked with the empty methods (without any code in the applet file).had register method in applet constructor also called constructor from install method.
  4)Checked from command prompt ,same problem exist.
  Can anybody help please.i m really in trouble.My time is limited .Please go through my code.In next post ,i will post my code also and missing anything .If anybody wants to test cap file,i wills send tha cap file also.

• Smart Cards slow with Sun Ray Windows Connector

  I'm succesfully using smart cards to log on to Windows 2003. But the problem is that it's very slow!
  If i enter a wrong pin code, its fairly quick to respond with an error but when entering the right one it takes like 13-15 seconds to log on. The smart card slot on Sun Ray 2 is flashing all that time, so it seems like it's reading the certificate takes that long?
  Any ideas how to make it quicker?

  I have done the same setup with SunRay 170.
  Approx the same delay is experienced with my setup.
  When I meet my Card Vendor next time around I will ask about
  how many times the CERT is read.
  The Sunray 2 is faster , alot faster than sunray 170 so the delay
  must be the speed that card transactions can be performed.
  //lars

• Signing with Smart Card (PKCS#11)

  I'm trying to sign my .jar with ActivCard smart card and jarsigner.exe, but I got NullPointerException. I have succeeded to get list of certificates present on smart card. Is there better PKCS#11 provider then sun.security.pkcs11.SunPKCS11?

  I receive the following error message when trying to sing a jar file using a PKI card:
  jarsigner: Certificate chain not found for: Random.  Random must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.This is the command line:
  "C:\Program Files\Java\jdk1.5.0_04\bin\jarsigner" -keystore NONE -storetype PKCS11 -signedjar D:\Work_Java\Random\sRandom.jar -verbose D:\Work_Java\Random\Random.jar RandomWhat does this mean?

• Pkcs#11 and smart card reader

  Hi everybody,
  In my applet code
  i'm trying to implement "attached signature" reading keystore from a smartcard.
  I'm using SunPKCS11 provider and infocamere smart card, so i load SunPKCS11.dll for PKCS#11 standard.
  my code is:
  String pkcs11ConfigFile = "c:\\smartcards\\config\\SI_PKCS11.cfg";
  Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigFile);
  Security.addProvider(pkcs11Provider);
  where SI_PKCS11.cfg file contains 2 lines like follow:
  name = test
  library = C:\WINNT\system32\SI_PKCS11.dll
  when I try to sign without smart card in the device reader i catch "PKCS#11 not found" exception, while when I try with smart card inside the device the applet stop on loading the provider and it doesn't continue without any errors in java console. Can anyone help me?
  thanks a lot for every answer
  best reagards

  I should add that I am using Windows 7 and my CSS version is 8.3, I can also verify my smart card works for other applications, only thinkvantage CSS 8.3 does not work.

• Provider problem by building a secure transmission to a Smart Card

  Hi
  I have this problem:
  I must accomplish a secure transmission with a smart card,
  So the transmission is RSA coded.
  A RSA key is generated, without any problems I think because the modulus is printed out.
  And because he write the key to the card.
  But when the transmission with the card begin the program breaks with the error message it could not find any RSA Provider
  I use :
  - Java 1.4.1
  - bcprov-jdk14-117.jar
  - jce unrestricted policy files
  - cryptix-jce-20030102-snap
  - FlexiFullProvider-1.1.3.signed.jar
  - OCF1.2
  The Programm code with causes the Error :
  Line 78
  public boolean enableSecureMessaging(CardFilePath path, byte keyNumber)
  throws NoSuchAlgorithmException,
  InvalidKeyException,
  CardServiceException,
  CardTerminalException {
  KeyPairGenerator rsaKeyPairGenerator;
  KeyPair rsaKeyPair;
  RSAPubKey     rsaPublicKey;
  RSAPrivCrtKey rsaPrivateKey;
  RSAPrivateKeySpec rsaPrivateKeySpec;
  DESedeKeySpec desKeySpec;
  IV iv;
  byte[] modulus;
  byte[] exponent;
  byte[] privateExponent;
  byte[] modulusRecord;
  byte[] exponentRecord;
  byte[] sessionKey;
  CredentialBag credentialBag;
  TCOS2CredentialStore credentialStore;
  ReceiveRSACommunicationCredential rsaCommunicationCredential;
  DESedeCommunicationCredential desCommunicationCredential;
  PassThruCommunicationCredential passThruCommunicationCredential;
  // - RSA KeyPairGenerator initialisieren und ein Schl�sselpaar mit
  // 512 Bit erstellen
  rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
  rsaKeyPairGenerator.initialize(0x200);
  rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();
  //::B::
  Provider[] providern =java.security.Security.getProviders();
       for (int i = 0; i<providern.length;i++)
            System.out.println(providern.getName());
       System.out.println(providern[i].getInfo());
            System.out.println("----------*******----------");
  //::E::
  // - Public und Private Key aus dem Schl�sselpaar extrahieren
  System.out.println(rsaKeyPair);
  rsaPublicKey = (RSAPubKey)rsaKeyPair.getPublic();
  System.out.println(rsaPublicKey.toString());
  rsaPrivateKey = (RSAPrivCrtKey)rsaKeyPair.getPrivate();
  modulus = rsaPublicKey.getModulus().toByteArray();
  exponent = rsaPublicKey.getPublicExponent().toByteArray();
  privateExponent = rsaPrivateKey.getPrivateExponent().toByteArray();
  // - Komponenten des Public Key f�r die recordbasierte Speicherung in ein
  // Bytearray schreiben
  modulusRecord = new byte[0x43];
  exponentRecord = new byte[0x06];
  modulusRecord[0x00] = (byte)0x01;
  modulusRecord[0x01] = (byte)0x41;
  exponentRecord[0x00] = (byte)0x02;
  exponentRecord[0x01] = (byte)0x04;
  System.arraycopy(modulus, 0x00, modulusRecord, 0x43-modulus.length, modulus.length);
  System.arraycopy(exponent, 0x00, exponentRecord, 0x06-exponent.length, exponent.length);
  // - Komponenten des Public Key auf die Karte schreiben
  // Dieser Public Key wird anschlie�end benutzt, um den SessionKey f�r die
  // �bertragung zu verschl�sseln
  fscs.writeRecord(path, 0x01, modulusRecord);
  fscs.writeRecord(path, 0x02, exponentRecord);
  // - Private Key in einer KeySpec speichern
  rsaPrivateKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(),
  rsaPrivateKey.getPrivateExponent());
  // - Credential f�r die KommuniKation mit der Karte erstellen
  // Verschl�sselt wird die RAPDU von der Karte zum PC mit dem zuvor in der
  // Karte abgelegten Public Key
  credentialBag = new CredentialBag();
  credentialStore = new TCOS2CredentialStore();
  rsaCommunicationCredential = new ReceiveRSACommunicationCredential();
  System.out.println("Hier bricht die Sau ab!! [Martin, hat nat�rlich recht]");
  //THIS LINE CAUSES THE ERROR AS YOU SEE
  rsaCommunicationCredential.initCipher(rsaPrivateKeySpec, keyNumber, null); System.out.println("Das Schwein i weiter unten!! [Amir]");
  credentialStore.storeCredential(0x00, rsaCommunicationCredential);
  credentialBag.addCredentialStore(credentialStore);
  Debug Message::
  Bitte Karte einlegen
  [INFO     ] de.telesec.opencard.tcos20.service.TCOS2CardServiceFactory.getCardType
  --- message TCOS 2.0 Release 3 smart card detected
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2CardServiceFactory
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
  --- message
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
  --- message
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
  --- message
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
  --- message
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
  --- message
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  FlexiCore
  SunJSSE
  Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  SunJCE
  SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  SunRsaSign
  SUN's provider for RSA signatures
  SUN
  SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  SunJGSS
  Sun (Kerberos v5)
  CryptixCrypto
  Cryptix JCE Strong Crypto Provider
  BC
  BouncyCastle Security Provider v1.17
  java.security.KeyPair@80fa6f
  modulus n: 0x4fa8e0ef3fba114c9a4fa74848007f611e01dc4b9ecde00dce08bcf86643a7385a82b4fb8206c6bf28ed82ce69e1541947c7a91e4528e10dc5c06c1142e10a91
  exponent e: 0x10001
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosSelect
  --- message mode: 8 response mode: 0 data: DF 01 45 C1
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
  --- message cla ins p1 p2 data le
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
  --- message cred: null
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
  --- message Command: APDU_Buffer = 00A4080004DF0145C100 (hex) | lc = 4 | le = 0
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
  --- message Response: opencard.core.terminal.ResponseAPDU@1b9ce4b
  0000: 6F 2F 83 02 45 C1 81 02 00 50 82 03 05 41 43 85 o/..E....P...AC.
  0010: 06 01 C4 06 10 00 00 86 18 B2 00 00 00 FF FF DC ................
  0020: 00 00 00 FF FF 2A 00 00 00 FF FF EE 00 00 00 FF .....*..........
  0030: FF 90 00 ...
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.isofs.fileinfo.TCOS2CardFileInfo.TCOS2CardFileInfo
  --- message Data: 0000: 6F 2F 83 02 45 C1 81 02 00 50 82 03 05 41 43 85 o/..E....P...AC.
  0010: 06 01 C4 06 10 00 00 86 18 B2 00 00 00 FF FF DC ................
  0020: 00 00 00 FF FF 2A 00 00 00 FF FF EE 00 00 00 FF .....*..........
  0030: FF .
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.isofs.fileinfo.TCOS2CardFileInfo
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosUpdateRecord
  --- message SFI: -1 Mode: 4 Record Number: 1 Data: 0000: 01 41 00 4F A8 E0 EF 3F BA 11 4C 9A 4F A7 48 48 .A.O...?..L.O.HH
  0010: 00 7F 61 1E 01 DC 4B 9E CD E0 0D CE 08 BC F8 66 ..a...K........f
  0020: 43 A7 38 5A 82 B4 FB 82 06 C6 BF 28 ED 82 CE 69 C.8Z.......(...i
  0030: E1 54 19 47 C7 A9 1E 45 28 E1 0D C5 C0 6C 11 42 .T.G...E(....l.B
  0040: E1 0A 91 ...
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
  --- message cla ins p1 p2 data
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
  --- message cred: null
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
  --- message Command: APDU_Buffer = 00DC0104430141004FA8E0EF3FBA114C9A4FA74848007F611E01DC4B9ECDE00DCE08BCF86643A7385A82B4FB8206C6BF28ED82CE69E1541947C7A91E4528E10DC5C06C1142E10A91 (hex) | lc = 67 | le = -1
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
  --- message Response: opencard.core.terminal.ResponseAPDU@1292d26
  0000: 90 00 ..
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosUpdateRecord
  --- message SFI: -1 Mode: 4 Record Number: 2 Data: 0000: 02 04 00 01 00 01 ......
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
  --- message cla ins p1 p2 data
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
  --- message cred: null
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
  --- message Command: APDU_Buffer = 00DC020406020400010001 (hex) | lc = 6 | le = -1
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
  --- message Response: opencard.core.terminal.ResponseAPDU@5329c5
  0000: 90 00 ..
  --- thread Thread[main,5,main]
  --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
  Hier bricht die Sau ab!! [Martin, hat nat�rlich recht]
  java.lang.RuntimeException: Cannot find any provider supporting RSA
       at de.telesec.opencard.tcos20.security.credential.ReceiveRSACommunicationCredential.initCipher(ReceiveRSACommunicationCredential.java:132)
       at sample.enableSecureMessaging(sample.java:160)
       at sample.start(sample.java:522)
       at sample.main(sample.java:564)
  Process sample finished
  I hope you can help me !

  Ok i have solved the Problem by myself, the solution is to do :
  -rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
  but the cipher musst be
  - cipher = Cipher.getInstance("RSA/ECB/PKCS#1");
  in the Java-Security all Providers have to disable be adding a # bevor each line
  only this line has to put in
  - security.provider.1=sun.security.provider.Sun
  and last you have to load the Flexi Core and the cryptix Providers dynamicly
  -Security.addProvider(new de.flexiprovider.core.FlexiCoreProvider());
  -Security.addProvider(new cryptix.jce.provider.CryptixCrypto());

• Programming multiple smart cards with multiple smart card readers in a PC causes a PCSCException in a smart card that is in progress

  Hi,
  I develop a Java code using smartcardio API to program a smart card. My GUI allows to add at most 5 smart card readers that will wait for card present, then do authentication and program the smart card with an application, then wait for card removal. This is a separate thread running in a loop for each smart card reader added as programmer.
  The problem occurs when a certain smart card is in progress and I inserted another smart card to another smart card reader.  Both smart card reader halts and throw sun.security.smartcardio.PCSCException: Unknown error 0x8010002f.
  I also observed that every time there is an attempt to insert/remove a smart card in the smart card reader that is connected to the USB port would cause the programming in progress to be interrupted and throw the PCSCException.
  These are some exceptions I got during my testing:
  sun.security.smartcardio.PCSCException: Unknown error 0x8010002f
    at sun.security.smartcardio.PCSC.SCardTransmit(Native Method)
    at sun.security.smartcardio.ChannelImpl.doTransmit(ChannelImpl.java:171)
  java.lang.Exception: Loader Record Failed: 6E | 0 //Sometimes I got this return code SW1 0x6E SW2 0x00 which means an APDU with an invalid 'CLA' bytes was received. I had check the command before it was sent and it was correct.
  Help me understand this issue. I think the CardTerminal.isCardPresent(), CardTerminal.waitForCardPresent(0), and CardTerminal.waitForCardAbsent(0) cause this issue that CardChannel.transmit(apduCommand) is interrupted or the smart card insertion/removal causes the CardChannel.transmit(apduCommand) is interrupted.
  Regards,
  Knivez

  Hi,
  when you work with one smartcard reader only usually you address the slot -1 that means "the first found".
  But to deal with multiple readers you have to use slots of course since one reader will be slot 0, next reader will be slot 1 and so on...
  So a credential object will be identified on a system by a couple
  <slot,alias>
  After that, the way to address slots (I mean the syntax) depends on the classes you are using...
  Bye

• FIM 2010 CM deployment for Smart Card Management

  I have FIM installed and was initially getting an Object does not exist on server error whenever i went to Manage Profile Tepmplates or with a user accoutn tried the request a smart card link..
  I enabled verbose logging and this is the error
  Error loading all profile templates. Container path: CN=Profile Templates,CN=Publik Key Services,CN=Services,CN=Configuration,DC=Company,DC=Com
  I validated that the container does not exist. I manually created it and now i get past the error but all lists of profiles are empty as the container is empty.
  At what point should this have been created/populated?
  Aaron

  The container is created when a member of the Enterprise Admins group *successfully* runs the FIM CM Configuration wizard. It appears you have either not run the wizard, or never completed it successfully.
  Brian

• Problem signing certificates from external token (smart card)

  I can not sign PDF documents with an external token (smart card) through a card reader of a Cherry keyboard.
  The card drivers perfectly detect the card and certificates in it, however when trying to sign a certificate in Adobe and select the location of the certificate click in the option "A device attached to this computer" ... I get an error indicating that no device is connected to the computer appears.
  I have tried several different card readers, it seems a problem of drives because the middleware card recognizes all tested certificates readers, however it seems that Adobe is not able to find the card reader. It has happened with several teams. In one team made a clone and deploy it to another machine with the same hardware environment, the firm run properly in the pdf that clone, however on the original computer is not working.
  You have any idea what could be the problem? Thank you very much in advance.

  If the digital ID's corresponding public-key certificate is not getting added to either the Windows Certificate Store, or Mac Keychain Access when you plug the card into the card reader, then you need to load the PKCS#11 module via the Acrobat UI. The module will be a DLL on Windows or a bundle file on the Mac. The problem is there is no one file name to look for, you would need to consult the hardware's documentation to find the name of the file. Once you know the name you can add the P11 module from the Security Settings dialog and then Acrobat will then see the digital ID(s) loaded on the smart card.
  Steve