javacard - 将 Java 卡与 Bitlocker 一起使用

Question

我想使用 J2A040 JCOP 21-36k java 卡使用 gidsapplet 和 OpenSC 实现智能卡驱动的 bitlocker-to-go 解决方案，但是当尝试在卡上放置证书时（certreq -new）我无法通过Windows 中的“智能卡未完全个性化使用”错误。

这是使用 gids-tool 的转储内容：

Dumping Files:
Found 5 entries in the masterfile
   Directory: mscp
      FileIdentifier: 0xa000

   File: \cardid
  FileIdentifier: 0xa012
  DataObjectIdentifier: 0xdf20
  Size: 16

   File: \cardapps
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf21
  Size: 8

   File: \cardcf
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf22
  Size: 6

   File: mscp\cmapfile
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf23
  Size: 0

Dumping containers:
   no container found

使用 pkcs15-init 我无法创建元结构，因为我收到无法创建 PKCS #15 元结构：APDU 中的参数不正确这是 pkcs15-init --create-pkcs15 -vvvvvvvvv 从 gids 驱动程序开始的输出部分：

trying driver 'gids'
card-gids.c:570:gids_match_card: called
card-gids.c:281:gids_select_aid: called
Got args: aid=00007FFC31591840, aidlen=9, response=0000007C6FD5EEF0, responselen=261
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:4, P2:0, data(9) 00007FFC31591840
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (15 bytes):
00 A4 04 00 09 A0 00 00 03 97 42 54 46 59 00 ..........BTFY.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (22 bytes):
61 12 4F 0B A0 00 00 03 97 42 54 46 59 02 01 73 a.O......BTFY..s
03 40 01 C0 90 00                               .@....
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
card-gids.c:299:gids_select_aid: returning with: 0 (Success)
found AID
matched: GIDS Smart Card
card-gids.c:632:gids_init: called
card info name:'GIDS Smart Card', type:30003, flags:0x0,             max_send/recv_size:255/256
card.c:1462:sc_card_sm_check: called
card->sm_ctx.ops.open 0000000000000000
card.c:1468:sc_card_sm_check: returning with: 0 (Success)
card.c:339:sc_connect_card: returning with: 0 (Success)
Using card driver GIDS Smart Card.
pkcs15-lib.c:313:sc_pkcs15init_bind: called
card.c:951:sc_card_ctl: called
card-gids.c:2019:gids_card_ctl: called
card_ctl(4) not supported
called; type=2, path=3f0050154946
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(4) 0000007C6FD5F222
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect     parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
profile.c:336:sc_profile_load: called
Using profile directory 'C:\Program Files\OpenSC Project\OpenSC\profiles'.
Trying profile file C:\Program Files\OpenSC         Project\OpenSC\profiles\pkcs15.profile
profile C:\Program Files\OpenSC Project\OpenSC\profiles\pkcs15.profile loaded ok
profile.c:383:sc_profile_load: returning with: 0 (Success)
profile.c:336:sc_profile_load: called
Using profile directory 'C:\Program Files\OpenSC Project\OpenSC\profiles'.
Trying profile file C:\Program Files\OpenSC Project\OpenSC\profiles\gids.profile
profile C:\Program Files\OpenSC Project\OpenSC\profiles\gids.profile loaded ok
profile.c:383:sc_profile_load: returning with: 0 (Success)
profile.c:395:sc_profile_finish: called
profile.c:438:sc_profile_finish: returning with: 0 (Success)
pkcs15-lib.c:420:sc_pkcs15init_bind: returning with: 0 (Success)
About to create PKCS #15 meta structure.
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN: Please type again to verify: Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK): Please type again to verify:      card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
pkcs15-lib.c:774:sc_pkcs15init_add_app: called
pkcs15-lib.c:4172:sc_pkcs15init_qualify_pin: called
pkcs15-lib.c:4191:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
pkcs15-lib.c:4172:sc_pkcs15init_qualify_pin: called
pkcs15-lib.c:4191:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
Add virtual SO_PIN('Security Officer PIN',flags:B2,reference:-1,path:'3f005015')
card.c:951:sc_card_ctl: called
card-gids.c:2019:gids_card_ctl: called
card-gids.c:605:gids_get_serialnr: called
card-gids.c:386:gids_read_gidsfile: called
card-gids.c:216:gids_get_DO: called
Got args: fileIdentifier=a000, dataObjectIdentifier=df1f,     response=00000250F5BCD1C0, responselen=65000
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:CB, P1:A0, P2:0, data(4) 0000007C6FD3ECE0
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 CB A0 00 04 5C 02 DF 1F 00 .....\....
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (147 bytes):
DF 1F 81 8D 01 6D 73 63 70 00 00 00 00 00 00 00 .....mscp.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 ................
00 00 00 00 00 00 00 00 00 00 63 61 72 64 69 64 ..........cardid
00 00 00 00 00 20 DF 00 00 12 A0 00 00 00 00 00 ..... ..........
00 00 00 00 00 00 63 61 72 64 61 70 70 73 00 00 ......cardapps..
00 21 DF 00 00 10 A0 00 00 00 00 00 00 00 00 00 .!..............
00 00 63 61 72 64 63 66 00 00 00 00 00 22 DF 00 ..cardcf....."..
00 10 A0 00 00 6D 73 63 70 00 00 00 00 00 63 6D .....mscp.....cm
61 70 66 69 6C 65 00 00 00 23 DF 00 00 10 A0 00 apfile...#......
00 90 00                                        ...
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
card-gids.c:311:gids_read_gidsfile_without_cache: called
Identifiers of  cardid is fileIdentifier=a012, dataObjectIdentifier=df20
card-gids.c:216:gids_get_DO: called
Got args: fileIdentifier=a012, dataObjectIdentifier=df20,     response=0000007C6FD4ECE0, responselen=65538
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:CB, P1:A0, P2:12, data(4) 0000007C6FD3ECB0
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 CB A0 12 04 5C 02 DF 20 00 .....\.. .
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (21 bytes):
DF 20 10 4D 55 E8 C6 5A C5 F4 49 4A F9 29 6E 96 . .MU..Z..IJ.)n.
EB 83 89 90 00                                  .....
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
card-gids.c:394:gids_read_gidsfile: returning with: 0 (Success)
card-gids.c:624:gids_get_serialnr: returning with: 0 (Success)
card.c:961:sc_card_ctl: returning with: 0 (Success)
pkcs15-lib.c:3143:sc_pkcs15init_add_object: called
add object 00000250F5C1B2D0 to DF of type 8
Append object
pkcs15-gids.c:109:gids_emu_update_any_df: called
pkcs15-gids.c:112:gids_emu_update_any_df: returning with: 0 (Success)
pkcs15-lib.c:3187:sc_pkcs15init_add_object: returning with: 0 (Success)
pkcs15-lib.c:2943:sc_pkcs15init_update_dir: called
dir.c:163:sc_enum_apps: called
called; type=2, path=3f002f00
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(2) 0000007C6FD5E7F2
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (8 bytes):
00 A4 08 00 02 2F 00 00 ...../..
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
dir.c:171:sc_enum_apps: Cannot select EF.DIR file: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:2971:sc_pkcs15init_update_dir: returning with: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:3922:sc_pkcs15init_update_file: called
path:3f0050154946; datalen:128
called; type=2, path=3f0050154946
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(4) 0000007C6FD5E932
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:3944:sc_pkcs15init_update_file: Failed to select file: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:920:sc_pkcs15init_add_app: returning with: -1205 (Incorrect parameters in APDU)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU
pkcs15-lib.c:430:sc_pkcs15init_unbind: called
Pksc15init Unbind: 0:0000000000000000:1
card.c:356:sc_disconnect_card: called
card-gids.c:656:gids_finish: called
Broadcom Corp Contacted SmartCard 0:SCardDisconnect returned: 0x00000000
card.c:378:sc_disconnect_card: returning with: 0 (Success)
ctx.c:906:sc_release_context: called
reader-pcsc.c:900:pcsc_finish: called

我不致力于这些工具，并对任何建议持开放态度。

score 0 · Accepted Answer

似乎问题一直是 activclient 智能卡驱动程序。

我为我的特定智能卡编辑了注册表项：（HKLM\Software\Microsoft\Cryptography\Calais\Smartcards\ 并将 80000001 字符串值更改为默认的 Windows 驱动程序（C:\Windows\System32\msclmd.dll），我是能够加载小程序，加载密钥，并利用这些卡进行 bitlocker 加密。

javacard - 将 Java 卡与 Bitlocker 一起使用

1 回答 1

Related

Reference