Hi all, I've just received a SCM SPR332 from FLOSS-Shop (marked as "SPR332 V2" on its bottom side) and while its basic reader functionality seems to work just fine I can't get the secure PIN entry mode to work at all.
I've tried two different OpenPGP cards, tried both GnuPG built-in CCID driver and the pcsc-lite one to no avail. I've even tried the latest vendor Windows driver (with OpenSC and a constant length PIN verify operation), but the behavior in each of these setups was always the same: Upon typing and accepting a PIN the "key" LED on the reader continues to blink for a few seconds, then the reader responds with "64 00" result at the USB interface level (which is probably the code for "SPE [Secure PIN Entry] operation timed out" error) and then it doesn't want to communicate with the card anymore. A relevant log snippet from GnuPG built-in CCID driver: DBG: prompting for pinpad entry '||Please unlock the card%0A%0A Number : 0005 00005B0E%0AHolder : ' DBG: ccid-driver: sending escape sequence to switch to a case 1 APDU DBG: ccid-driver: PC_to_RDR_Escape: DBG: ccid-driver: dwLength ..........: 3 DBG: ccid-driver: bSlot .............: 0 DBG: ccid-driver: bSeq ..............: 56 DBG: ccid-driver: [0007] 00 00 00 80 02 00 DBG: ccid-driver: RDR_to_PC_Escape: DBG: ccid-driver: dwLength ..........: 0 DBG: ccid-driver: bSlot .............: 0 DBG: ccid-driver: bSeq ..............: 56 DBG: ccid-driver: bStatus ...........: 0 DBG: ccid-driver: buffer[9] .........: 00 DBG: ccid-driver: PC_to_RDR_Secure: DBG: ccid-driver: dwLength ..........: 19 DBG: ccid-driver: bSlot .............: 0 DBG: ccid-driver: bSeq ..............: 57 DBG: ccid-driver: bBMI ..............: 0x00 DBG: ccid-driver: wLevelParameter ...: 0x0000 DBG: ccid-driver: [0010] 00 00 82 00 00 19 DBG: ccid-driver: [0016] 06 02 01 09 04 00 00 00 00 00 20 00 82 DBG: ccid-driver: RDR_to_PC_DataBlock: DBG: ccid-driver: dwLength ..........: 2 DBG: ccid-driver: bSlot .............: 0 DBG: ccid-driver: bSeq ..............: 57 DBG: ccid-driver: bStatus ...........: 0 DBG: ccid-driver: [0010] 64 00 DBG: dismiss pinpad entry prompt verify CHV2 failed: Operation cancelled app_check_pin failed: Operation cancelled DBG: ccid-driver: PC_to_RDR_XfrBlock: DBG: ccid-driver: dwLength ..........: 9 DBG: ccid-driver: bSlot .............: 0 DBG: ccid-driver: bSeq ..............: 58 DBG: ccid-driver: bBWI ..............: 0x04 DBG: ccid-driver: wLevelParameter ...: 0x0000 DBG: ccid-driver: [0010] 00 00 05 00 CA 00 DBG: ccid-driver: [0016] 6E 00 A1 DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT ccid_transceive failed: (0x1000a) apdu_send_simple(0) failed: card I/O error DBG: ccid-driver: PC_to_RDR_XfrBlock: DBG: ccid-driver: dwLength ..........: 9 DBG: ccid-driver: bSlot .............: 0 DBG: ccid-driver: bSeq ..............: 59 DBG: ccid-driver: bBWI ..............: 0x04 DBG: ccid-driver: wLevelParameter ...: 0x0000 DBG: ccid-driver: [0010] 00 00 05 00 CA 00 DBG: ccid-driver: [0016] C5 00 0A DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT ccid_transceive failed: (0x1000a) apdu_send_simple(0) failed: card I/O error I've tried also an EMV card with this reader, the behavior is slightly different in this case: the typed PIN is accepted immediately, but "00 82 00 82" T=1 protocol error is returned at the USB interface level. And the card communication still works after this. The same cards (two OpenPGP ones and one EMV) accept PIN input without problems using exactly the same software setup when driven by a different PIN pad reader (a HP smart card keyboard). What's interesting is that the reader reports firmware version 7.0 while all the references I could find talk about firmware version 6.01. The vendor Windows driver also has a firmware version check utility that explicitly checks for firmware version 6.01 (unfortunately, it is just a checking tool without up- or down-grade capability). Now, I wonder: did anybody earlier spotted a similar behavior with this or other SCM/Identiv readers? Or is it possible that this reader is loaded with some non-standard firmware? It reports as "SPRx32 USB Smart Card Reader", which suggests the firmware should be common with a well-tested SPR532 model. Thanks, Maciej _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
