Using a Java Card with Bitlocker

I would like to use a J2A040 JCOP 21-36k Java Card with the gidsapplet and OpenSC to implement a smart-card-driven BitLocker To Go solution, but when I try to put the certificate on the card (certreq -new) I cannot get past the "The smart card is not fully personalized for use" error from Windows.

Here is the dump from gids-tool:

Dumping Files:
Found 5 entries in the masterfile
   Directory: mscp
      FileIdentifier: 0xa000

   File: \cardid
  FileIdentifier: 0xa012
  DataObjectIdentifier: 0xdf20
  Size: 16

   File: \cardapps
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf21
  Size: 8

   File: \cardcf
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf22
  Size: 6

   File: mscp\cmapfile
  FileIdentifier: 0xa010
  DataObjectIdentifier: 0xdf23
  Size: 0

Dumping containers:
   no container found

With pkcs15-init I cannot create the meta structure either, because I get "Failed to create PKCS #15 meta structure: Incorrect parameters in APDU". Here is the output of pkcs15-init --create-pkcs15 -vvvvvvvvv, starting from the gids driver section:

trying driver 'gids'
card-gids.c:570:gids_match_card: called
card-gids.c:281:gids_select_aid: called
Got args: aid=00007FFC31591840, aidlen=9, response=0000007C6FD5EEF0, responselen=261
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:4, P2:0, data(9) 00007FFC31591840
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (15 bytes):
00 A4 04 00 09 A0 00 00 03 97 42 54 46 59 00 ..........BTFY.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (22 bytes):
61 12 4F 0B A0 00 00 03 97 42 54 46 59 02 01 73 a.O......BTFY..s
03 40 01 C0 90 00                               .@....
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
card-gids.c:299:gids_select_aid: returning with: 0 (Success)
found AID
matched: GIDS Smart Card
card-gids.c:632:gids_init: called
card info name:'GIDS Smart Card', type:30003, flags:0x0, max_send/recv_size:255/256
card.c:1462:sc_card_sm_check: called
card->sm_ctx.ops.open 0000000000000000
card.c:1468:sc_card_sm_check: returning with: 0 (Success)
card.c:339:sc_connect_card: returning with: 0 (Success)
Using card driver GIDS Smart Card.
pkcs15-lib.c:313:sc_pkcs15init_bind: called
card.c:951:sc_card_ctl: called
card-gids.c:2019:gids_card_ctl: called
card_ctl(4) not supported
called; type=2, path=3f0050154946
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(4) 0000007C6FD5F222
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
profile.c:336:sc_profile_load: called
Using profile directory 'C:\Program Files\OpenSC Project\OpenSC\profiles'.
Trying profile file C:\Program Files\OpenSC Project\OpenSC\profiles\pkcs15.profile
profile C:\Program Files\OpenSC Project\OpenSC\profiles\pkcs15.profile loaded ok
profile.c:383:sc_profile_load: returning with: 0 (Success)
profile.c:336:sc_profile_load: called
Using profile directory 'C:\Program Files\OpenSC Project\OpenSC\profiles'.
Trying profile file C:\Program Files\OpenSC Project\OpenSC\profiles\gids.profile
profile C:\Program Files\OpenSC Project\OpenSC\profiles\gids.profile loaded ok
profile.c:383:sc_profile_load: returning with: 0 (Success)
profile.c:395:sc_profile_finish: called
profile.c:438:sc_profile_finish: returning with: 0 (Success)
pkcs15-lib.c:420:sc_pkcs15init_bind: returning with: 0 (Success)
About to create PKCS #15 meta structure.
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN: Please type again to verify: Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK): Please type again to verify: card.c:415:sc_lock: called
reader-pcsc.c:613:pcsc_lock: called
card-gids.c:2057:gids_card_reader_lock_obtained: called
card-gids.c:2065:gids_card_reader_lock_obtained: returning with: 0 (Success)
card.c:455:sc_lock: returning with: 0 (Success)
pkcs15-lib.c:774:sc_pkcs15init_add_app: called
pkcs15-lib.c:4172:sc_pkcs15init_qualify_pin: called
pkcs15-lib.c:4191:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
pkcs15-lib.c:4172:sc_pkcs15init_qualify_pin: called
pkcs15-lib.c:4191:sc_pkcs15init_qualify_pin: returning with: 0 (Success)
Add virtual SO_PIN('Security Officer PIN',flags:B2,reference:-1,path:'3f005015')
card.c:951:sc_card_ctl: called
card-gids.c:2019:gids_card_ctl: called
card-gids.c:605:gids_get_serialnr: called
card-gids.c:386:gids_read_gidsfile: called
card-gids.c:216:gids_get_DO: called
Got args: fileIdentifier=a000, dataObjectIdentifier=df1f, response=00000250F5BCD1C0, responselen=65000
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:CB, P1:A0, P2:0, data(4) 0000007C6FD3ECE0
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 CB A0 00 04 5C 02 DF 1F 00 .....\....
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (147 bytes):
DF 1F 81 8D 01 6D 73 63 70 00 00 00 00 00 00 00 .....mscp.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 ................
00 00 00 00 00 00 00 00 00 00 63 61 72 64 69 64 ..........cardid
00 00 00 00 00 20 DF 00 00 12 A0 00 00 00 00 00 ..... ..........
00 00 00 00 00 00 63 61 72 64 61 70 70 73 00 00 ......cardapps..
00 21 DF 00 00 10 A0 00 00 00 00 00 00 00 00 00 .!..............
00 00 63 61 72 64 63 66 00 00 00 00 00 22 DF 00 ..cardcf....."..
00 10 A0 00 00 6D 73 63 70 00 00 00 00 00 63 6D .....mscp.....cm
61 70 66 69 6C 65 00 00 00 23 DF 00 00 10 A0 00 apfile...#......
00 90 00                                        ...
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
card-gids.c:311:gids_read_gidsfile_without_cache: called
Identifiers of  cardid is fileIdentifier=a012, dataObjectIdentifier=df20
card-gids.c:216:gids_get_DO: called
Got args: fileIdentifier=a012, dataObjectIdentifier=df20, response=0000007C6FD4ECE0, responselen=65538
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:CB, P1:A0, P2:12, data(4) 0000007C6FD3ECB0
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 CB A0 12 04 5C 02 DF 20 00 .....\.. .
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (21 bytes):
DF 20 10 4D 55 E8 C6 5A C5 F4 49 4A F9 29 6E 96 . .MU..Z..IJ.)n.
EB 83 89 90 00                                  .....
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
card-gids.c:394:gids_read_gidsfile: returning with: 0 (Success)
card-gids.c:624:gids_get_serialnr: returning with: 0 (Success)
card.c:961:sc_card_ctl: returning with: 0 (Success)
pkcs15-lib.c:3143:sc_pkcs15init_add_object: called
add object 00000250F5C1B2D0 to DF of type 8
Append object
pkcs15-gids.c:109:gids_emu_update_any_df: called
pkcs15-gids.c:112:gids_emu_update_any_df: returning with: 0 (Success)
pkcs15-lib.c:3187:sc_pkcs15init_add_object: returning with: 0 (Success)
pkcs15-lib.c:2943:sc_pkcs15init_update_dir: called
dir.c:163:sc_enum_apps: called
called; type=2, path=3f002f00
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(2) 0000007C6FD5E7F2
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (8 bytes):
00 A4 08 00 02 2F 00 00 ...../..
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
dir.c:171:sc_enum_apps: Cannot select EF.DIR file: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:2971:sc_pkcs15init_update_dir: returning with: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:3922:sc_pkcs15init_update_file: called
path:3f0050154946; datalen:128
called; type=2, path=3f0050154946
card-gids.c:920:gids_select_file: called
apdu.c:554:sc_transmit_apdu: called
card.c:415:sc_lock: called
card.c:455:sc_lock: returning with: 0 (Success)
apdu.c:521:sc_transmit: called
apdu.c:371:sc_single_transmit: called
CLA:0, INS:A4, P1:8, P2:0, data(4) 0000007C6FD5E932
reader 'Broadcom Corp Contacted SmartCard 0'
reader-pcsc.c:285:pcsc_transmit:
Outgoing APDU (10 bytes):
00 A4 08 00 04 50 15 49 46 00 .....P.IF.
reader-pcsc.c:213:pcsc_internal_transmit: called
reader-pcsc.c:294:pcsc_transmit:
Incoming APDU (2 bytes):
6A 86 j.
apdu.c:390:sc_single_transmit: returning with: 0 (Success)
apdu.c:543:sc_transmit: returning with: 0 (Success)
card.c:465:sc_unlock: called
Incorrect parameters P1-P2
iso7816.c:578:iso7816_select_file: returning with: -1205 (Incorrect parameters in APDU)
card.c:776:sc_select_file: 'SELECT' error: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:3944:sc_pkcs15init_update_file: Failed to select file: -1205 (Incorrect parameters in APDU)
pkcs15-lib.c:920:sc_pkcs15init_add_app: returning with: -1205 (Incorrect parameters in APDU)
card.c:465:sc_unlock: called
reader-pcsc.c:663:pcsc_unlock: called
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU
pkcs15-lib.c:430:sc_pkcs15init_unbind: called
Pksc15init Unbind: 0:0000000000000000:1
card.c:356:sc_disconnect_card: called
card-gids.c:656:gids_finish: called
Broadcom Corp Contacted SmartCard 0:SCardDisconnect returned: 0x00000000
card.c:378:sc_disconnect_card: returning with: 0 (Success)
ctx.c:906:sc_release_context: called
reader-pcsc.c:900:pcsc_finish: called

I am not tied to these tools and am open to any suggestions.
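The "Dumping Files" listing from gids-tool and the 147-byte "Incoming APDU" in the pkcs15-init trace are the same information: the trace is the raw GET DATA response for the GIDS master file (data object DF1F), and gids-tool prints it decoded. The following is an added example, not code from the question, from gids-tool or from OpenSC. It decodes that captured response (embedded below, taken from the trace) back into the file table. The record layout it assumes (one header byte, then 28-byte records of a 9-byte directory name, a 9-byte file name, 2 padding bytes, a little-endian 32-bit data object identifier and a little-endian 32-bit file identifier) is taken from how OpenSC's card-gids.c reads the master file and is an assumption here; the file sizes that gids-tool also prints come from separate GET DATA calls and are not reconstructed.

```python
"""Decode a GIDS master file (DF1F) GET DATA response from an OpenSC trace.

Added example; not code from the original post, gids-tool or OpenSC.
"""
import struct

# Incoming APDU (147 bytes) copied from the pkcs15-init trace in the question,
# status word 90 00 included.
MASTERFILE_RESPONSE_HEX = (
    "DF 1F 81 8D 01 6D 73 63 70 00 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 "
    "00 00 00 00 00 00 00 00 00 00 63 61 72 64 69 64 "
    "00 00 00 00 00 20 DF 00 00 12 A0 00 00 00 00 00 "
    "00 00 00 00 00 00 63 61 72 64 61 70 70 73 00 00 "
    "00 21 DF 00 00 10 A0 00 00 00 00 00 00 00 00 00 "
    "00 00 63 61 72 64 63 66 00 00 00 00 00 22 DF 00 "
    "00 10 A0 00 00 6D 73 63 70 00 00 00 00 00 63 6D "
    "61 70 66 69 6C 65 00 00 00 23 DF 00 00 10 A0 00 "
    "00 90 00"
)

# Assumed record layout (after OpenSC's gids_mf_record): 28 bytes, no implicit
# alignment ("<"), the two padding bytes made explicit ("2x").
MF_RECORD = struct.Struct("<9s9s2xII")


def split_status(response: bytes):
    """Split a response APDU into (data, SW1SW2); reject anything too short."""
    if len(response) < 2:
        raise ValueError("response shorter than a status word")
    return response[:-2], int.from_bytes(response[-2:], "big")


def parse_ber_tlv(data: bytes):
    """Parse one BER-TLV element into (tag, value).

    Handles multi-byte tags such as DF 1F and long-form lengths such as 81 8D.
    """
    if not data:
        raise ValueError("empty TLV")
    i = 1
    if data[0] & 0x1F == 0x1F:            # tag continues while the high bit is set
        while True:
            if i >= len(data):
                raise ValueError("truncated tag")
            i += 1
            if not data[i - 1] & 0x80:
                break
    tag = int.from_bytes(data[:i], "big")
    if i >= len(data):
        raise ValueError("missing length")
    length = data[i]
    i += 1
    if length & 0x80:                     # long form: low bits = number of length bytes
        nbytes = length & 0x7F
        if nbytes == 0 or i + nbytes > len(data):
            raise ValueError("bad long-form length")
        length = int.from_bytes(data[i:i + nbytes], "big")
        i += nbytes
    value = data[i:i + length]
    if len(value) != length:
        raise ValueError(f"value truncated: expected {length}, got {len(value)}")
    return tag, value


def parse_masterfile(value: bytes):
    """Turn the DF1F value into a list of {directory, filename, doi, fid} dicts."""
    body = value[1:]                      # first byte is a header, not a record
    if len(body) % MF_RECORD.size:
        raise ValueError("master file length is not a whole number of records")
    entries = []
    for off in range(0, len(body), MF_RECORD.size):
        directory, filename, doi, fid = MF_RECORD.unpack_from(body, off)
        entries.append({
            "directory": directory.split(b"\0", 1)[0].decode("ascii"),
            "filename": filename.split(b"\0", 1)[0].decode("ascii"),
            "doi": doi,
            "fid": fid,
        })
    return entries


def decode_masterfile_response(hex_dump: str):
    """Whole pipeline: hex trace -> (status word, file entries)."""
    data, sw = split_status(bytes.fromhex(hex_dump))
    if sw != 0x9000:
        raise ValueError(f"card returned SW {sw:04X}")
    tag, value = parse_ber_tlv(data)
    if tag != 0xDF1F:
        raise ValueError(f"expected DF1F, got {tag:04X}")
    return sw, parse_masterfile(value)


def format_like_gids_tool(entries):
    """Render the entries in the layout gids-tool uses for 'Dumping Files'."""
    lines = [f"Found {len(entries)} entries in the masterfile"]
    for e in entries:
        if e["filename"]:
            path = (e["directory"] + "\\" if e["directory"] else "\\") + e["filename"]
            lines.append(f"   File: {path}")
            lines.append(f"  FileIdentifier: 0x{e['fid']:04x}")
            lines.append(f"  DataObjectIdentifier: 0x{e['doi']:04x}")
        else:
            lines.append(f"   Directory: {e['directory']}")
            lines.append(f"      FileIdentifier: 0x{e['fid']:04x}")
    return "\n".join(lines)


if __name__ == "__main__":
    _, found = decode_masterfile_response(MASTERFILE_RESPONSE_HEX)
    print(format_like_gids_tool(found))
```

Running it reproduces the five entries of the gids-tool dump (mscp, \cardid, \cardapps, \cardcf, mscp\cmapfile with their identifiers) from the trace alone, which is a quick way to confirm that the applet's file system is readable and that a failure such as the 6A 86 responses later in the trace comes from the SELECT commands rather than from the master file itself.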

It seems it was a problem with the ActivClient smart card driver all along.

I edited the registry key for my specific smart card (HKLM\Software\Microsoft\Cryptography\Calais\Smartcards\) and changed the 80000001 string value to the default Windows driver (C:\Windows\System32\msclmd.dll), and I was able to load the applet, load the keys, and use these cards for BitLocker encryption.
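As an added example (not the answerer's own commands), the following PowerShell lists every card registration Windows keeps under Calais\SmartCards with the minidriver each one points to, so the ActivClient association described above can be seen before anything is changed, and then performs the same 80000001 change with a confirmation prompt and a record of the previous value for reverting. The card subkey name used in the usage comment ('J2A040 GIDS') is a placeholder; the real name is whatever Get-SmartCardRegistration shows for the card.

```powershell
# Added example, not code from the original answer.
# Inspects and optionally changes the smart card minidriver registration
# ("80000001" value) under Calais\SmartCards. Run in an elevated session.

$CalaisRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\SmartCards'
)
$DefaultMinidriver = 'C:\Windows\System32\msclmd.dll'   # Microsoft Class Minidriver

function Get-SmartCardRegistration {
    # One object per registered card: subkey name, hive, ATR/mask, minidriver, CSP/KSP.
    foreach ($root in $CalaisRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Name       = $_.PSChildName
                Hive       = $root
                ATR        = ($p.ATR     | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
                ATRMask    = ($p.ATRMask | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
                Minidriver = $p.'80000001'
                CryptoProv = $p.'Crypto Provider'
                KSP        = $p.'Smart Card Key Storage Provider'
            }
        }
    }
}

function Set-SmartCardMinidriver {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $CardName,
        [string] $Minidriver = $DefaultMinidriver
    )
    if (-not (Test-Path $Minidriver)) {
        throw "Minidriver not found on disk: $Minidriver"
    }
    foreach ($root in $CalaisRoots) {
        $key = Join-Path $root $CardName
        if (-not (Test-Path $key)) { continue }
        $current = (Get-ItemProperty $key).'80000001'
        if ($PSCmdlet.ShouldProcess($key, "replace minidriver '$current' with '$Minidriver'")) {
            Set-ItemProperty -Path $key -Name '80000001' -Value $Minidriver
            # Emit the old value so the change can be reverted with the same function.
            [pscustomobject]@{ Key = $key; Previous = $current; Current = $Minidriver }
        }
    }
}

# Usage:
#   Get-SmartCardRegistration | Format-Table Name, Minidriver, ATR
#   Set-SmartCardMinidriver -CardName 'J2A040 GIDS'          # prompts before writing
#   Set-SmartCardMinidriver -CardName 'J2A040 GIDS' -WhatIf  # dry run
```

Checking both the 64-bit and WOW6432Node hives matters because 32-bit applications read the latter; a card that works for one process and fails for another with the same "not fully personalized" message is often registered differently in the two places.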