DATEV SmartCard

Aus Ethersex_Wiki
Version vom 27. März 2009, 17:10 Uhr von Stesie (Diskussion | Beiträge) (Seite importiert.)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

I recently got myself a DATEV Smartcard classic which is a common German smart card, which I mainly need at work (actually that's why I got one).

Today I accidentally noticed that OpenSC is supposed to support those cards. Therefore I started out, compiled the latest subversion snapshot of (3144) OpenSC and noticed that it didn't work.

I need to apply this slight change first:

--- opensc-0.11.2.orig/src/libopensc/pkcs15-tcos.c                                               
+++ opensc-0.11.2/src/libopensc/pkcs15-tcos.c                                                    
@@ -71,7 +71,7 @@                                                                                
                {1, 2, 0x46, 1, "800082008220", "SignTrust Verschluesselungs Zertifikat"},       
                {1, 2, 0x47, 1, "800083008320", "SignTrust Authentifizierungs Zertifikat"},      
                {0, 3, 0x45, 0, "3000C500",     "DATEV Signatur Zertifikat"},                    
-               {1, 3, 0x46, 0, "DF02C200",     "DATEV Verschluesselungs Zertifikat"},           
+               {0, 3, 0x46, 0, "DF02C200",     "DATEV Verschluesselungs Zertifikat"},           
                {1, 3, 0x47, 0, "DF02C500",     "DATEV Authentifizierungs Zertifikat"},          
                {0, 4, 0x45, 1, "41004352",     "Smartkey Zertifikat 1"},                        
                {0, 4, 0x46, 1, "41004353",     "Smartkey Zertifikat 2"},                        

My card happens to not have the record 3000C500 available and therefore isn't detected correctly. The records DF02C200 and DF02C500 are available, but not checked for by default (because of flags being initialized to one).

After changing this bit it works like a charm. At least it pretends to do so. However, at the moment, OpenSSL doesn't behave well, I can encrypt data with the S/MIME module however I'm not able to decrypt it, for whatever reason. No error message is written to screen, only binary garbage. Well, we'll see, someday I'll get this bitch to work :)

If you're looking for a howto on how to use OpenSC to sign data and verify signatures, have a look at the bottom part of this page.