Kung-Foo
  

30/08/2011 - Using DNIe in three hard-pr0n-steps By: killabyte

DNIe sucks. The Spanish Interior Ministry sucks. And they suck so much that not only are they incapable of publishing quality software, they are also incapable of publishing the source code of their lousy software. So here we are, with opensc and a nonexistent library for Ubuntu Natty. In this mini-howto we explain how to install and patch their shitty library to get DNIe working on Linux.

Everything from this point will be done as root, so execute:

  $ sudo -s
  [sudo] password for polla: 
  #

Installing packages

Execute this:

  # apt-get install libpcsc-perl libpcsclite1 pcsc-tools pcscd libopensc2 opensc pinentry-gtk2
  [... a lot of magical things happen ...]

Now look at the output of the following command:

  # dpkg -l opensc
  [... omitted things that nobody understands ...]
  ii  opensc                                 0.11.13-1ubuntu5                       Smart card utilities with support for PKCS#15 compatible cards

Write down the package version (in this case 0.11.13). You will need it later to patch the DNIe library.

Testing your reader device

To test your device, execute the following:

$ pcsc_scan
Tue Aug 30 14:51:59 2011
 Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card inserted, 
  ATR: 3B 7F 38 00 00 00 6A 44 4E 49 65 10 02 4C 34 01 13 03 90 00

ATR: 3B 7F 38 00 00 00 6A 44 4E 49 65 10 02 4C 34 01 13 03 90 00
+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 38 --> Fi=744, Di=12, 62 cycles/ETU
    64516 bits/s at 4 MHz, fMax for Fi = 8 MHz => 129032 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 00 6A 44 4E 49 65 10 02 4C 34 01 13 03 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 6, len: A (pre-issuing data)
      Data: 44 4E 49 65 10 02 4C 34 01 13
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 03 (Initialisation state)
      SW: 9000 (Normal processing.)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 7F 38 00 00 00 6A 44 4E 49 65 10 02 4C 34 01 13 03 90 00
3B 7F 38 00 00 00 6A 44 4E 49 65 [1,2]0 02 4C 34 01 13 03 90 00
        DNI electronico (Spanish electronic ID card)
        http://www.dnielectronico.es

Tue Aug 30 14:52:09 2011
 Reader 0: ACS ACR 38U-CCID 00 00
  Card state: Card removed, 
^C
$

If this does not happen when you insert/remove your card, your reader is not working. Try rebooting the machine; sometimes it fails after installation.
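How the "Historical bytes" line in the pcsc_scan output is reached, as an added example that is not part of the original post: the high nibble of T0 says which interface bytes follow, the low nibble says how many historical bytes there are, and the DNIe carries the ASCII string "DNIe" in them. The function names are made up for this example, and the input is assumed to be space-separated hex bytes as pcsc_scan prints them.

```shell
#!/bin/sh
# Added example (not from the original post).

# atr_historical ATR -> prints the historical bytes; fails on a bad or short ATR.
atr_historical() {
    case $1 in *[!0-9A-Fa-f\ ]*) return 1 ;; esac   # hex digits and spaces only
    set -- $(printf '%s' "$1" | tr 'a-f' 'A-F')     # one parameter per byte
    [ $# -ge 2 ] || return 1
    t0=$((0x$2)); shift 2              # drop TS and T0
    y=$((t0 >> 4))                     # Y(1): which of TA1..TD1 follow
    k=$((t0 & 15))                     # K: number of historical bytes
    while [ "$y" -ne 0 ]; do
        for bit in 1 2 4; do           # TA(i), TB(i), TC(i): skip if present
            if [ $((y & bit)) -ne 0 ]; then
                [ $# -ge 1 ] || return 1
                shift
            fi
        done
        if [ $((y & 8)) -ne 0 ]; then  # TD(i) holds Y(i+1) in its high nibble
            [ $# -ge 1 ] || return 1
            y=$((0x$1 >> 4)); shift
        else
            y=0
        fi
    done
    [ $# -ge "$k" ] || return 1
    hist=
    while [ "$k" -gt 0 ]; do
        hist="$hist${hist:+ }$1"; shift; k=$((k - 1))
    done
    printf '%s\n' "$hist"
}

# is_dnie_atr ATR -> succeeds if the historical bytes contain ASCII "DNIe".
is_dnie_atr() {
    h=$(atr_historical "$1") || return 1
    case " $h " in
        *" 44 4E 49 65 "*) return 0 ;;
        *) return 1 ;;
    esac
}
```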

Avoid Sveon devices -- I tested the SCT010 model and it doesn't work on Linux. At least not when I wrote this thing. NOTE TO SVEON: Sveon, people don't write ugly things about your stupid devices if you provide minimum support to Linux users.

Installing dnie lib and patching it

Get and install the shitty library:

# cd ~
# wget http://www.dnielectronico.es/descargas/PKCS11_para_Sistemas_Unix/opensc-dnie_1.4.8-1_arch_ll.deb
  Magical things will happen when you replace arch with
    i386  (if you have a 32-bit distro), or
    amd64 (if you have a 64-bit distro).
  
# dpkg -i opensc-dnie_1.4.8-1_arch_ll.deb
  ... Again, think about your distro's bits ...

And now patch:

# cd /usr/lib64
# mv libopensc-dnie.so.1.0.4 \
     libopensc-dnie.so.1.0.4.backup
# perl -ne 's/0\.11\.12/0\.11\.13/g;print' \
           < libopensc-dnie.so.1.0.4.backup \
           > libopensc-dnie.so.1.0.4.patch
# ln -s libopensc-dnie.so.1.0.4.patch \
        libopensc-dnie.so.1.0.4

Killing root:

# exit
$

Testing polla:

$ pkcs15-tool --list-public-keys
Using reader with a card: NABO NABO
Public RSA Key [KpuAutenticacion]
        Com. Flags  : 3
        Usage       : [0xC0], verify, verifyRecover
        Access Flags: [0x12], extract, local
        ModLength   : 2048
        Key ref     : 1
        Native      : yes
        Path        : xxxxxxxxxxxx
        Auth ID     : 
        ID          : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Public RSA Key [KpuFirmaDigital]
        Com. Flags  : 3
        Usage       : [0x2C0], verify, verifyRecover, nonRepudiation
        Access Flags: [0x12], extract, local
        ModLength   : 2048
        Key ref     : 2
        Native      : yes
        Path        : xxxxxxxxxxxx
        Auth ID     : 
        ID          : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

$

Installing the module and the CA in Firefox

Execute this, allowing it to do anything (nobody really knows what it does):

$ firefox /usr/share/opensc-dnie/instal_dnie/instala_modulo.htm

And this to install the CA (if the previous step didn't work for you -- as happened to me):

$ firefox /usr/share/opensc-dnie/ac_raiz_dnie.crt

Check every box (you trust this certificate authority for EVERYTHING).

lucky boy / lucky girl

If you were lucky following this mini-howto, you now have a working installation of DNIe.

This work is licensed under a Creative Commons License.