On 14.01.2018 01:01, Maciej S. Szmigiero wrote: > Hi all, > > I've just received a SCM SPR332 from FLOSS-Shop (marked as "SPR332 V2" > on its bottom side) and while its basic reader functionality seems to work > just fine I can't get the secure PIN entry mode to work at all. > > I've tried two different OpenPGP cards, tried both GnuPG built-in CCID > driver and the pcsc-lite one to no avail. > > I've even tried the latest vendor Windows driver (with OpenSC and a constant > length PIN verify operation), but the behavior in each of these setups was > always the same: > Upon typing and accepting a PIN the "key" LED on the reader continues to > blink for a few seconds, then the reader responds with "64 00" result at > the USB interface level (which is probably the code for > "SPE [Secure PIN Entry] operation timed out" error) and then it doesn't > want to communicate with the card anymore. > > A relevant log snippet from GnuPG built-in CCID driver: > DBG: prompting for pinpad entry '||Please unlock the card%0A%0A Number : 0005 > 00005B0E%0AHolder : ' > DBG: ccid-driver: sending escape sequence to switch to a case 1 APDU > DBG: ccid-driver: PC_to_RDR_Escape: > DBG: ccid-driver: dwLength ..........: 3 > DBG: ccid-driver: bSlot .............: 0 > DBG: ccid-driver: bSeq ..............: 56 > DBG: ccid-driver: [0007] 00 00 00 80 02 00 > DBG: ccid-driver: RDR_to_PC_Escape: > DBG: ccid-driver: dwLength ..........: 0 > DBG: ccid-driver: bSlot .............: 0 > DBG: ccid-driver: bSeq ..............: 56 > DBG: ccid-driver: bStatus ...........: 0 > DBG: ccid-driver: buffer[9] .........: 00 > DBG: ccid-driver: PC_to_RDR_Secure: > DBG: ccid-driver: dwLength ..........: 19 > DBG: ccid-driver: bSlot .............: 0 > DBG: ccid-driver: bSeq ..............: 57 > DBG: ccid-driver: bBMI ..............: 0x00 > DBG: ccid-driver: wLevelParameter ...: 0x0000 > DBG: ccid-driver: [0010] 00 00 82 00 00 19 > DBG: ccid-driver: [0016] 06 02 01 09 04 00 00 00 00 00 20 00 82 > DBG: ccid-driver: RDR_to_PC_DataBlock: > DBG: ccid-driver: dwLength ..........: 2 > DBG: ccid-driver: bSlot .............: 0 > DBG: ccid-driver: bSeq ..............: 57 > DBG: ccid-driver: bStatus ...........: 0 > DBG: ccid-driver: [0010] 64 00 > DBG: dismiss pinpad entry prompt > verify CHV2 failed: Operation cancelled > app_check_pin failed: Operation cancelled > DBG: ccid-driver: PC_to_RDR_XfrBlock: > DBG: ccid-driver: dwLength ..........: 9 > DBG: ccid-driver: bSlot .............: 0 > DBG: ccid-driver: bSeq ..............: 58 > DBG: ccid-driver: bBWI ..............: 0x04 > DBG: ccid-driver: wLevelParameter ...: 0x0000 > DBG: ccid-driver: [0010] 00 00 05 00 CA 00 > DBG: ccid-driver: [0016] 6E 00 A1 > DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT > ccid_transceive failed: (0x1000a) > apdu_send_simple(0) failed: card I/O error > DBG: ccid-driver: PC_to_RDR_XfrBlock: > DBG: ccid-driver: dwLength ..........: 9 > DBG: ccid-driver: bSlot .............: 0 > DBG: ccid-driver: bSeq ..............: 59 > DBG: ccid-driver: bBWI ..............: 0x04 > DBG: ccid-driver: wLevelParameter ...: 0x0000 > DBG: ccid-driver: [0010] 00 00 05 00 CA 00 > DBG: ccid-driver: [0016] C5 00 0A > DBG: ccid-driver: usb_bulk_read error: LIBUSB_ERROR_TIMEOUT > ccid_transceive failed: (0x1000a) > apdu_send_simple(0) failed: card I/O error > > I've tried also an EMV card with this reader, the behavior > is slightly different in this case: the typed PIN is accepted > immediately, but "00 82 00 82" T=1 protocol error is returned > at the USB interface level. > And the card communication still works after this. > > The same cards (two OpenPGP ones and one EMV) accept PIN input without > problems using exactly the same software setup when driven by a > different PIN pad reader (a HP smart card keyboard). > > What's interesting is that the reader reports firmware version 7.0 > while all the references I could find talk about firmware version 6.01. > > The vendor Windows driver also has a firmware version check utility > that explicitly checks for firmware version 6.01 (unfortunately, > it is just a checking tool without up- or down-grade capability). > > Now, I wonder: did anybody earlier spotted a similar behavior with this > or other SCM/Identiv readers? > Or is it possible that this reader is loaded with some non-standard > firmware? > It reports as "SPRx32 USB Smart Card Reader", which suggests the firmware > should be common with a well-tested SPR532 model.
Has anybody used this reader as a PIN pad successfully or had similar issues? Thanks, Maciej _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
