经过几个小时的挣扎,我觉得是时候向社区询问了。我正在尝试在 Ubuntu 18.04-64 上安装 ACS ACR38T 智能卡读卡器(请参阅https://www.acs.com.hk/en/products/1/acr38t-d1-plug-in-sim-sized-card-reader/)
我可以用 lsusb 看到它:
Bus 002 Device 003: ID 072f:90cc Advanced Card Systems, Ltd ACR38
我安装了libacsccid1,pcsc-tools并且opensc(通过 apt-get),并且使用以下命令一切正常pcsc_scan:
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <[email protected]>
Using reader plug'n play mechanism
Scanning present readers...
0: ACS ACR38U-CCID 00 00
Tue Sep 3 21:27:03 2019
Reader 0: ACS ACR38U-CCID 00 00
Card state: Card inserted,
ATR: 3B 7D 18 00 00 00 48 79 70 73 49 44 20 53 33 07 90 00
ATR: 3B 7D 18 00 00 00 48 79 70 73 49 44 20 53 33 07 90 00
+ TS = 3B --> Direct Convention
+ T0 = 7D, Y(1): 0111, K: 13 (historical bytes)
TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 00 48 79 70 73 49 44 20 53 33 07 90 00
Category indicator byte: 00 (compact TLV data object)
Tag: 4, len: 8 (initial access data)
Initial access data: 79 70 73 49 44 20 53 33
Mandatory status indicator (3 last bytes)
LCS (life card cycle): 07 (Operational state (activated))
SW: 9000 (Normal processing.)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 7D 18 00 00 00 48 79 70 73 49 44 20 53 33 07 90 00
Safran Morpho YpsID S3
不幸的是,当我/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so在 Firefox -> 安全设备中作为新模块加载时,它显示:
Status: Not Present
Description: ACS ACR38U-CCID 00 00
Manufacturer: ACS
HW Version: 1.0
FW Version: 0.0
基本上,Firefoxpcsc_scan将该设备视为“卡已插入”,但将其视为“不存在”,因此我无法使用该证书。我知道这不是硬件问题,因为该设备在 Windows 7 计算机上运行
你知道发生了什么事吗?
谢谢你的帮助!
答案1
我将同一台设备 (ACS ACR 38U-CCID) 与 SuisseID 一起使用。由于未知原因,我观察到了与您相同的行为。OpenSC 可以以某种方式与该设备配合使用,但 Firefox 不能。
为了最终使其与 Firefox 兼容,我使用了供应商提供的 PKCS11 库而不是 OpenSC PKCS11 库:
$ wget http://postsuisseid.ch/images/setup/postsuisseid-lin-1647.tar.bz2
$ tar xjf postsuisseid-lin-1647.tar.bz2
现在将其postsuisseid-lin-1647/lib_amd64/libcvP11.so作为新的安全模块加载到 Firefox 中,您应该能够登录并使用您的智能卡。
为了测试目的检查 PKCS11 库是否有效,您可以使用以下命令:
但事实不应该如此:
$ pkcs11-tool --verbose --test --module /usr/lib/pkcs11/opensc-pkcs11.so
No slot with a token was found.
应该如何:
$ pkcs11-tool --verbose --test --module postsuisseid-lin-1647/lib_amd64/libcvP11.so
Using slot 0 with a present token (0x1)
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signature: not a R/W session, skipping signature tests
Verify: not a R/W session, skipping verify tests
Key unwrap: not a R/W session, skipping key unwrap tests
Decryption: not a R/W session, skipping decryption tests
No errors