Monday, March 24, 2014

Level 1 smart card support on GNU/Linux

As I did for Mac OS X in "Level 1 smart card support on Mac OS X" I propose to present some 1st step actions to check your smart card stack is working correctly on a GNU/Linux system.

Operating System choice

Unix is available in a lot of different versions. I will only consider a GNU/Linux system here and also only a Debian GNU/Linux distribution.

If you use Ubuntu (or another Debian derivative distribution) then the same tools are available.
If you use another GNU/Linux distribution maybe the same software are already packaged and available.

Command line tools

All the commands I will describe are command line tools. You need to start a "terminal" application also called terminal emulator to enter the commands.

I will not describe here how to start a "terminal" application. It depends too much on the graphical environment (or desktop) you are using.

pcsc_scan

pcsc_scan is a command line tool. You need to install the pcsc-tools Debian package (or recompile pcsc_scan yourself from the upstream pcsc-tools).

Normal execution

In green the commands entered by the user.

$ pcsc_scan
PC/SC device scanner
V 1.4.22 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.8
Using reader plug'n play mechanism
Scanning present readers...
0: Gemalto PC Twin Reader (70D7E2EE) 00 00

Mon Mar 24 15:31:17 2014
Reader 0: Gemalto PC Twin Reader (70D7E2EE) 00 00
  Card state: Card inserted, 
  ATR: 3B 7E 13 00 00 00 6A 11 63 54 05 48 05 02 C6 01 22 90 00
ATR: 3B 7E 13 00 00 00 6A 11 63 54 05 48 05 02 C6 01 22 90 00
+ TS = 3B --> Direct Convention
+ T0 = 7E, Y(1): 0111, K: 14 (historical bytes)
  TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
    43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 00 6A 11 63 54 05 48 05 02 C6 01 22 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 6, len: A (pre-issuing data)
      Data: 11 63 54 05 48 05 02 C6 01
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 22 (Proprietary)
      SW: 9000 (Normal processing.)

Possibly identified card (using /home/lroussea/.cache/smartcard_list.txt):
3B 7E 13 00 00 00 6A 11 63 54 05 48 05 02 C6 01 22 90 00
3B 7E 13 00 00 00 6A 11 63 54 05 48 .. .. .. 01 22 90 00
 Sagem Windows for smart cards

Important information your should note:
  • the reader name: "Gemalto PC Twin Reader (70D7E2EE) 00 00"
  • the card ATR: 3B 7E 13 00 00 00 6A 11 63 54 05 48 05 02 C6 01 22 90 00
  • the card description (if available): Sagem Windows for smart cards
Of course in your card the information will be different. Unless you really have a "Windows for smart card" card .

Compared to Apple pcsctest we have some differences:
  • use of colors for important information
  • no need to select a reader
  • no debug messages
  • smart card identification
  • ATR parsing

No reader connected


$ pcsc_scan
PC/SC device scanner
V 1.4.22 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.8
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...

You do not get an error (as on Mac OS X) but the program is waiting for you to connect a smart card reader.

No smart card inserted


$ pcsc_scan
PC/SC device scanner
V 1.4.22 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.8
Using reader plug'n play mechanism
Scanning present readers...
0: Gemalto PC Twin Reader (70D7E2EE) 00 00

Mon Mar 24 15:36:01 2014
Reader 0: Gemalto PC Twin Reader (70D7E2EE) 00 00
  Card state: Card removed, 

The program is waiting for you to insert a smart card.

scriptor

Once you have checked your reader and your smart card are available using pcsc_scan, you can try to communicate with the card and send some APDUs.

scriptor is a command line tool also part of pcsc-tools.

$ scriptor 
No reader given: using Gemalto PC Twin Reader (70D7E2EE) 00 00
Using T=0 protocol
Reading commands from STDIN
00 A4 00 02 3F 00
> 00 A4 00 02 3F 00
< 6D 00 : Instruction code not supported or invalid.

Here we are sending the APDU "00 A4 00 02 3F 00" which is a SELECT command for the file "3F 00" i.e. the Master File.
The result of the command is "6D 00" here. This is an error code but that is not really important for our test. We just wanted to test we can communicate with the card.

gscriptor

If you really can't use command line tools you can try gscriptor. It is a graphical application also part of pcsc-tools.


Conclusion

These first steps are easy to excecute on Debian GNU/Linux, and should also be easy on another GNU/Linux system.

If you do not have the expected results then you need to contact your level 2 support team.