Recent test results for various smart cards

Recent test results for various smart cards

Providing test results is a bit difficult, since a test includes

• OpenSC (Version)
• Smart card (Name, Variant, blank or pre-initialized)
• Operating Sytem (Name, Version, Architecture)
• Smart card reader (Name, Modell, Firmware version)
• Software for the smart card reader driver (Name of the driver, version)
• Middleware (PC/SC-Lite? Version? Configuration?)
• opensc.conf configuration

And of course the features that were tested. Here is a list:

• src/test/regression test suite, run-all script.
• pkcs15-init (manual init, keygen, certificate store, cert+key store)
• pkcs11-tool (manual, “pkcs11-tool —test —login”)
• openssl command line tool with opensc engine
• openssl command line tool with pkcs11 engine
• firefox with pkcs11 module (https authentication with a client certificate and key)
• thunderbird with pkcs11 module (email signing and decryption)
• mozilla with the same tests as firefox and thunderbird
• netscape with the same tests as firefox and thunderbird
• key generation and certificate store via some web site (e.g. thawte community)
• openssh with smart card authentication (or putty on windows)
• openssh agent with smart card authentication (or pageant on windows)
• login with pam module (with local .eid/authorized_certificates)
• login with pam module (with the certificate in an ldap server)
• free/open/stronswan vpn with x.509 certificate authentication using a smart card
• accessing a wireless lan protected with wpa, 802.1x, eap-tls using the wpa_supplicant, with a smart card
• testing the Identity Alliance CSP on windows with the opensc-pkcs11.dll: using internet explorer for client certificate authentication at some website.
• testing the Identity Alliance CSP on windows with the opensc-pkcs11.dll: using outlook to sign and decrypt emails.
• testing CSP #11 on windows with the opensc-pkcs11.dll: using internet explorer for client certificate authentication at some website
• testing CSP #11 on windows with the opensc-pkcs11.dll: using outlook to sign an decrypt emails.

We can’t test all combinations of OpenSC, card, Reader, driver software with all features.

So the basic regression tests (or pkcs11-tool for pre-initialized cards) is done with as many cards
as possible on at least one plattform. Once we know the cards work with OpenSC on this plattform, the next test is
to test as many features as possible on many plattforms, but it is ok to test only with a few or only once card.

Which cards passed the src/test/regression/run-all test suite?

#!rst
==== == ==== ==== ==== === ====

Card Name          OpenSC Date       Reader             Reader driver  Result  Tester      

-———————- -—- -———- -———————- -—————- -—— -————————-

Aladdin eToken PRO 0.9.5  2005-01-13 Aladdin eToken PRO OpenCT 0.6.3   All ok. Andreas Jellinghaus

Cryptoflex 32k     0.9.5  2005-01-13 eGate Token        OpenCT 0.6.3   All ok. Andreas Jellinghaus

Rainbow iKey 3000  0.9.5  2005-01-13 Rainbow iKey 3000  OpenCT 0.6.3   All ok. Andreas Jellinghaus

==== == ==== ==== ==== === ====

Note that Rainbow iKey 3000 has a Starcos SPK 2.3 operating system, and thus the pin0002 test will
fail, but this is ok as the Starcos SPK 2.3 implementation of the ISO 7816 RESET RETRY COUNTER command
is not ISO compliant.

Which cards passed the “pkcs11-tool —test —login” test? (Only for pre-initialized cards)

#!rst
==== == ==== ==== ===== === ====

Card Name          OpenSC Date       Reader             Reader driver   Result  Tester      

-———————- -—- -———- -———————- -—————— -—— -————————-

Signtrust TCOS     0.9.5  2005-03-04 Towitoko Serial    OpenCT 0.6.3    ???     Andreas Jellinghaus

Signtrust TCOS     0.10.0 2005-11-01 Kobil Kaan         PCSC-lite 1.2.0 OK 1)   Peter Koch

TeleSec TCOS       0.10.0 2005-11-01 Kobil Kaan         PCSC-lite 1.2.0 OK 1)   Peter Koch

==== == ==== ==== ===== === ====

1) TCOS supports raw RSA padding and therefor pkcs11-tool tries raw RSA padding with ALL keys.
But TCOS supports RSA padding for decryption keys ONLY, so pkcs11-tool fails when it tests
raw RSA padding with the signature key. This is a minor problem as regular application will
NOT do signature operations with raw RSA padding but use PKCS1 padding instead. The latter
works fine with both signature and decryption keys.

Which operating system works fine with OpenSC? Add one line for every feature that works or not.

#!rst
=================== ============ =================== ============== =========== ========== ===================
Operating System    Version      Architecture        OpenSC         Feature     Result     Tester
------------------- ------------ ------------------- -------------- ----------- ---------- -------------------
Windows XP          PRO SP2      i386                0.9.5+winfixes pkcs15-init All ok.    Andreas Jellinghaus
Windows XP          PRO SP2      i386                0.9.5+winfixes pkcs11-tool All ok.    Andreas Jellinghaus
Windows XP          PRO SP2      i386                0.9.5+winfixes putty       All ok.    Andreas Jellinghaus
Windows XP          PRO SP2      i386                0.9.5+winfixes firefox     Crashes.   Andreas Jellinghaus
Debian GNU/Linux    Sarge        i386                0.9.5          pkcs15-init All ok.    Andreas Jellinghaus
Debian GNU/Linux    Sarge        i386                0.9.5          pkcs15-init All ok.    Andreas Jellinghaus
Debian GNU/Linux    Sarge        i386                0.9.5          pkcs15-init All ok.    Andreas Jellinghaus
Debian GNU/Linux    Sarge        i386                0.9.5          pkcs15-init All ok.    Andreas Jellinghaus
=================== ============ =================== ============== =========== ========== ===================

After you have tested some hardware, please let us know by adding a line.
If something does not work as expected, please also open a new ticket
with a detailed bug report.

Note: adding your name as tester is optional. I think it might be nice so one can ask more details if necessary.