1092751 – Missing support for Reiner SCT cyberJack® RFID standard card reader

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1092751 - Missing support for Reiner SCT cyberJack® RFID standard card reader

Summary: Missing support for Reiner SCT cyberJack® RFID standard card reader

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	pcsc-lite
Sub Component:
Version:	6.5
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Bob Relyea
QA Contact:	Asha Akkiangady
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-04-29 22:05 UTC by Robert Scheck
Modified:	2018-12-09 17:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:	pcsc-lite-1.5.2-14.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-10-14 06:36:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
pcsc-lite-1.5.2-libusb-scheme.patch (2.43 KB, patch) 2014-04-29 22:23 UTC, Robert Scheck	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1463	0	normal	SHIPPED_LIVE	pcsc-lite bug fix and enhancement update	2014-10-14 01:28:43 UTC

Description Robert Scheck 2014-04-29 22:05:27 UTC

Description of problem:
Using the latest pcsc-lite package from RHEL 6.5 I am unable to use one of
the (in Germany) common Reiner SCT chip card readers, such as "cyberJack®
RFID standard". That is bad, because this reader has been approved by the
BSI (German Federal Office for Information Security) also known as GISA
(German Information Security Agency) as well as even by the TÜV (German 
Technical Inspection Association). Without that chip card reader, it's now
a) impossible to me to do online banking via HBCI/FinTS and b) I'm also not 
able to cause qualified electronic signatures via my ID card/passport.

For the people coming via Google to this issue: CTAPI is no longer supported
by Reiner SCT, they only support the stuff delivered with a recent version
of pcsc-cyberjack. Bug #901764 took care of getting pcsc-cyberjack also into
Fedora EPEL 6 to make this chip card reader working under RHEL more easily.

However the card reader does unfortunately not work except after rebuilding
a newer version of pcsc-lite for RHEL 6, such as pcsc-lite-1.6.4-4.fc14. I
already mentioned that before in bug #887719. However rebasing to 1.6.x is
treated as somehow problematic.

Version-Release number of selected component (if applicable):
pcsc-lite-1.5.2-13.el6_4

Actual results:
Missing support for Reiner SCT cyberJack® RFID standard card reader

Expected results:
Fully working card reader Reiner SCT cyberJack® RFID standard.

Additional info:
I tracked down the relevant differences (using --debug) between pcsc-lite
1.5.2 and 1.6.4 in order to backport the required functionality to RHEL 6.

Comment 1 Robert Scheck 2014-04-29 22:11:52 UTC

This is how it looks for me using pcsc-lite-1.6.4-4.fc14 started with --debug:

Apr 29 23:34:54 rsc pcscd: hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x0C4B, PID: 0x0500
Apr 29 23:34:54 rsc pcscd: hotplug_libhal.c:368:HPAddDevice() Adding USB device: usb_device_c4b_500_0123456789_if0
Apr 29 23:34:55 rsc pcscd: readerfactory.c:959:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Apr 29 23:34:55 rsc pcscd: readerfactory.c:849:RFBindFunctions() Loading IFD Handler 3.0
Apr 29 23:34:55 rsc pcscd: readerfactory.c:990:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0)
Apr 29 23:34:55 rsc pcscd: readerfactory.c:886:RFUnloadReader() Unloading reader driver.
Apr 29 23:34:55 rsc pcscd: readerfactory.c:257:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed.
Apr 29 23:34:55 rsc pcscd: hotplug_libhal.c:465:HPAddDevice() trying libusb scheme with: usb:0c4b/0500:libusb:002:014
Apr 29 23:34:55 rsc pcscd: readerfactory.c:959:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Apr 29 23:34:55 rsc pcscd: readerfactory.c:849:RFBindFunctions() Loading IFD Handler 3.0
Apr 29 23:34:56 rsc pcscd: readerfactory.c:273:RFAddReader() Using the pcscd polling thread

Please note that the real serial number has been replaced by "0123456789".

Comment 2 Robert Scheck 2014-04-29 22:12:34 UTC

This is how it looks for me using pcsc-lite-1.5.2-13.el6_4 started with --debug:

Apr 29 23:35:36 rsc pcscd: hotplug_libhal.c:307:get_driver() Looking a driver for VID: 0x0C4B, PID: 0x0500
Apr 29 23:35:36 rsc pcscd: hotplug_libhal.c:342:HPAddDevice() Adding USB device: usb_device_c4b_500_0123456789_if0
Apr 29 23:35:37 rsc pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Apr 29 23:35:37 rsc pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
Apr 29 23:35:37 rsc pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0)
Apr 29 23:35:37 rsc pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver.
Apr 29 23:35:37 rsc pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed.
Apr 29 23:35:37 rsc pcscd: hotplug_libhal.c:397:HPAddDevice() Failed adding USB device: usb_device_c4b_500_0123456789_if0

Comment 4 Robert Scheck 2014-04-29 22:23:16 UTC

Created attachment 890964 [details]
pcsc-lite-1.5.2-libusb-scheme.patch

1:1 backport from pcsc-lite 1.6.x of the additional try to use the libusb
scheme before giving up.

Comment 5 Robert Scheck 2014-04-29 22:24:39 UTC

And this is how it looks for me using pcsc-lite-1.5.2-13.el6_4 (plus having 
attachment 890964 [details] applied) started with --debug:

Apr 30 00:08:44 rsc pcscd: hotplug_libhal.c:307:get_driver() Looking a driver for VID: 0x0C4B, PID: 0x0500
Apr 30 00:08:44 rsc pcscd: hotplug_libhal.c:342:HPAddDevice() Adding USB device: usb_device_c4b_500_0123456789_if0
Apr 30 00:08:45 rsc pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Apr 30 00:08:45 rsc pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
Apr 30 00:08:45 rsc pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0)
Apr 30 00:08:45 rsc pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver.
Apr 30 00:08:45 rsc pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed.
Apr 30 00:08:45 rsc pcscd: hotplug_libhal.c:427:HPAddDevice() trying libusb scheme with: usb:0c4b/0500:libusb:002:020
Apr 30 00:08:45 rsc pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID standard (0123456789) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Apr 30 00:08:45 rsc pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0

Comment 6 Robert Scheck 2014-04-29 22:33:22 UTC

Escalated (previously cross-filed) case #00779070 in Red Hat customer portal

Comment 7 Bob Relyea 2014-04-30 16:15:18 UTC

Asha, I just ordered this reader for both you and I, you should get it Tuesday.

Comment 9 Robert Scheck 2014-04-30 17:51:00 UTC

To avoid confusions: Patch from attachment #890964 [details] makes the reader working

Comment 10 Ludovic Rousseau 2014-05-04 10:02:14 UTC

Maybe it would be simpler to patch the libifd-cyberjack.bundle to also support the libhal: naming scheme (if you have the source code of the driver).

This would avoid changing pcsc-lite.

Comment 11 Robert Scheck 2014-05-04 12:13:17 UTC

Ludovic, I do not get your point: If I am not mistaken this patch does not
exclusively affect the libifd-cyberjack.bundle but possibly every non-ccid
driver? So this might not only add cyberJack support but some more. Further
more my patch is a really stupid backport from a newer pcsc-lite upstream
release. And given that bug #887719 might cause a patch for the pcsc-lite
package anyway...one more patch should not hurt, shouldn't it? Personally I
do not see a reason why Red Hat should not apply this patch. I get that you
as upstream are moving from libhal to libudev (might be the reason for this
suggestion) but RHEL 6 will keep libhal until it goes EOL in 2020/2023...

Comment 12 Ludovic Rousseau 2014-05-04 15:46:32 UTC

My point is: if for whatever reason RedHat do not want to patch pcsc-lite then patching libifd-cyberjack.bundle could also solve your problem.

Comment 14 Bob Relyea 2014-05-08 22:29:28 UTC

Robert, I'm about to check in your patch and I want to know if you want me to keep your name and fedora email address in the patch (that would be my default position), but I'll happily change it to something generic (like 'customer').

Comment 15 Robert Scheck 2014-05-09 07:50:53 UTC

Bob, I am absolutely fine if you keep it.

Comment 16 Bob Relyea 2014-05-09 22:39:03 UTC

fixed in pcsc-lite-1.5.2-13.el6

Asha, to test this you'll have to install pcsc-cyberjack from epel.

Comment 18 Roshni 2014-06-18 15:37:45 UTC

Followed the instructions under "4.3.2 Linux.rpm" in http://downloads.reiner-sct.de/basecomponents_en/RSCT_manual_cyberJack_RFID_universal_EN.pdf. Can any smartcard be used with the cyberJack RFID Komfort reader (for example, Gemalto 64K cards) ?

Comment 19 Robert Scheck 2014-06-19 00:28:46 UTC

(In reply to Roshni from comment #18)
> Followed the instructions under "4.3.2 Linux.rpm" in
> http://downloads.reiner-sct.de/basecomponents_en/
> RSCT_manual_cyberJack_RFID_universal_EN.pdf. Can any smartcard be used with
> the cyberJack RFID Komfort reader (for example, Gemalto 64K cards) ?

Is there a specific reason that you don't use pcsc-cyberjack RPM from EPEL?

http://www.reiner-sct.com/ccsdata/documentDownload.dat?documentId=6514504 is
mentioning technical details about the card reader you are referring to. But
I was not able to locate any data sheet for Gemalto with technical details;
if your smartcard follows the standards that the reader supports, it should
work I guess.

Comment 20 Roshni 2014-06-25 14:17:31 UTC

Hi Robert,

The document provided in comment 19 is in German, is there one in English?

Comment 21 Kai Engert (:kaie) (inactive account) 2014-06-25 14:55:12 UTC

Roshni, I'm confused about your comment 18 and 20.

First, this bug is about testing the software included with RHEL. I don't understand why you attempt to download software from the Reiner web page. (That probably won't work, because the software Reiner provides is for SuSE and Ubunutu/Debian, not RHEL.)

Second, I don't understand why you say the document is german. I see the opposite. I downloaded the PDF file from comment 18, it's all english.

Even if you really want to download original software from Reiner (although you should rather use the software for RHEL that Bob provided in this bug), the installation instructions in the PDF file say to open http://www.reiner-sct.com/treiber which currently redirects to http://www.reiner-sct.com/support/download/treiber-und-software/cyberjack/ and which is indeed a page in german, but it's pretty self explanatory. Select the correct reader icon, then click Linux, and you get to a download page with a table of packages per Linux distribution. Since no RHEL is offered on that page, it probably won't help you?

Comment 22 Roshni 2014-06-25 15:23:15 UTC

Kai,

I have downloaded the rpm from EPEL but after installing the rpm, I inserted a card which is not being detected by the reader. Robert Scheck pointed me to http://www.reiner-sct.com/ccsdata/documentDownload.dat?documentId=6514504 which has the specifications of the cards supported by the reader (comment 19). This document is in German.

Comment 23 Kai Engert (:kaie) (inactive account) 2014-06-25 15:49:00 UTC

Roshni, thank you for clarifying and I'm sorry about misunderstanding your comments!

Comment 24 Kai Engert (:kaie) (inactive account) 2014-06-25 16:04:56 UTC

The first page of the german PDF file from http://www.reiner-sct.com/ccsdata/documentDownload.dat?documentId=6514504 primarily talks about compatibility with the new personal ID card issued in germany to citizens, physical features of the reader, the german certifications it has received (nPA = Neuer Personalausweis). Also, it talks about cards issued by banks in germany for secure online banking.

I cannot find a list of supported cards.
The specifications say the physical contact interface is according to 
  ISO/IEC 14443 A/B 
and the wireless interface is according to
  ISO/IEC 7816

The vendor's product page can be found at:
http://www.reiner-sct.com/produkte/chipkartenleser/cyberJack_RFID_komfort.html?pEl=5

I cannot find any information in english provided by the vendor. The device seems to target the german market specifically.

Comment 25 Kai Engert (:kaie) (inactive account) 2014-06-25 16:14:04 UTC

I found another (german) PDF, which contains a table labeled "usable cards and applications" (left hand side).
http://www.reiner-sct.com/pdf/datenblaetter/cyberJack_RFID_Gruppe_web.pdf

- nPA (new german personal ID)
- other RFID cards according to ISO/IEC 14443
- banking cards (unclear if limited to cards common in germany)
- signature cards according to ISO/IEC 7816
- card used by the german health system for citizens

Comment 26 Robert Scheck 2014-06-25 16:31:50 UTC

(In reply to Kai Engert (:kaie) from comment #24)
> I cannot find a list of supported cards.
> The specifications say the physical contact interface is according to 
>   ISO/IEC 14443 A/B 
> and the wireless interface is according to
>   ISO/IEC 7816

Other way round: ISO/IEC 7816 is physical contact and ISO/IEC 14443 A/B is
wireless (RFID). At least I read it like that.

The smartcard that I am personally using is either a DDV smartcard (DES DES 
method) or a RDH smartcard (RSA DES hybrid method) for HBCI/FinTS. Putting
in my debit or credit card seems also to work in general even I do not have
any application. Some report that GSM SIM cards can be handled as well.

If I am not completely mistaken a green LED on the card reader device means
that the card is recognized, and if it is blinking there recently was some 
communication. Unfortunately I am not sure if I have any not supported card
around here to cross-check.

Comment 27 Ludovic Rousseau 2014-06-25 16:45:04 UTC

Robert, I am not sure what you are trying to do.
Maybe you can have a look at "Level 1 smart card support on GNU/Linux" http://ludovicrousseau.blogspot.fr/2014/03/level-1-smart-card-support-on-gnulinux.html

For a SIM card you can use http://ludovicrousseau.blogspot.fr/search/label/sim

Comment 28 Robert Scheck 2014-06-25 17:14:47 UTC

(In reply to Ludovic Rousseau from comment #27)
> Robert, I am not sure what you are trying to do.

Roshni is (from what I get) looking for a list of supported smartcards with
cyberJack RFID Komfort as his Gemalto 64K card doesn't seem to be supported
(comment #18). Thus Kai and I tried to provide helpful information.

Comment 29 Roshni 2014-06-25 21:08:25 UTC

Tested PIV cards with the cyberJack RFID komfort reader with pcsc-lite-1.5.2-14.el6 on RHEL 6.5. The reader still does not detect the card (green light does not blink), ESC on the machine shows "Unformatted card" inserted and the certs on the card are not listed on ESC. 

Do not know if I am missing any other dependency packages, RHEL 6.6 builds are not yet available for us.

Comment 30 Bob Relyea 2014-06-25 22:17:17 UTC

Roshni, The Oberthur ID cards seem to work, somewhat. It seems pretty easy to get the reader in a state where it's not recognizing any cards. I don't have any contactless cards to test. The Contactless cards blink blue, and the contact card blink green (appearantly).

The PIV sample cards we have are both contact and contactless. The contact cards work (sometimes). It looks like when the reader is working, it recognizes the contactless cards, but I suspect they use different APDU's then the PIV contact interface, so coolkey doesn't recognize them. (I did get the reader to blink 'blue' than then old 'blue' on my PIV cards.

Comment 31 Roshni 2014-06-26 19:37:39 UTC

Bob,

I have 1 Oberthur card and 16 PIV cards. All of them were blinking blue and on ESC it is showing "Unformatted card" and the certs are not listed. when I did modutil -list -dbdir /etc/pki/nssdb, it shows the reader information under the coolkey module but no information about the token.

Comment 32 Roshni 2014-06-30 16:22:04 UTC

Bob as per your email:

(02:44:17 PM) relyea: rpattath: We can verify the bug by looking at /var/log/messages.
(02:45:36 PM) relyea: Unplug the reader
(02:45:44 PM) relyea: tail -f /var/log/messages
(02:46:52 PM) relyea: Plug in the reader.
(02:47:30 PM) relyea: Make sure the reader connects..
(02:47:32 PM) relyea: 24:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID komfort (9693835272) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
(02:47:32 PM) relyea: Jun 25 14:46:45 bobslaptop pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
(02:47:32 PM) relyea: Jun 25 14:46:48 bobslaptop pcscd: readerfactory.c:249:RFAddReader() Using the pcscd polling thread
(02:47:41 PM) relyea: A failure would look like:
(02:48:09 PM) relyea: Apr 29 23:35:37 rsc pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0500:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_500_0123456789_if0) Apr 29 23:35:37 rsc pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver. Apr 29 23:35:37 rsc pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID standard (0123456789) init failed. Apr 29 23:35:37 rsc pcscd: hotplug_libhal.c:397:HPAddDevice() Failed adding USB device: usb_device_c4b_500_0123456789_if0
(02:50:03 PM) relyea: We should note that the reader does not like to handle card removal all that well.
(03:15:11 PM) relyea: rpattath: wierd, The PIV cards look like they are contactless, but I bet they have a different API, so they would need a different PKCS #11 driver than coolkey.
(03:19:28 PM) relyea: OK, I think I see what the issue is.
(03:20:06 PM) relyea: If you insert the card and it starts to blink blue, then it's trying to talk to the contactless interface, which coolkey doesn't understand
(03:20:42 PM) relyea: If you insert the card and it blinks green, then full green, everything is cool.
(03:21:16 PM) relyea: You need to insert the piv cards fast enough that the contact picks up faster than the contactless.



I had a look at the /var/log/messages and I get the following messages when the reader is plugged in, card is inserted and removed



Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: new full speed USB device number 6 using ehci_hcd
Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: New USB device found, idVendor=0c4b, idProduct=0501
Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: Product: cyberJack RFID komfort
Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: Manufacturer: REINER SCT
Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: SerialNumber: 6900486104
Jun 30 12:04:39 dhcp129-237 kernel: usb 2-1.2: configuration #1 chosen from 1 choice
Jun 30 12:04:39 dhcp129-237 pcscd: hotplug_libhal.c:342:HPAddDevice() Adding USB device: usb_device_c4b_501_6900486104_if0
Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID komfort (6900486104) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0501:libhal:/org/freedesktop/Hal/devices/usb_device_c4b_501_6900486104_if0)
Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:914:RFUnloadReader() Unloading reader driver.
Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:233:RFAddReader() REINER SCT cyberJack RFID komfort (6900486104) init failed.
Jun 30 12:04:40 dhcp129-237 pcscd: hotplug_libhal.c:432:HPAddDevice() trying libusb scheme with: usb:0c4b/0501:libusb:002:006
Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:1024:RFInitializeReader() Attempting startup of REINER SCT cyberJack RFID komfort (6900486104) 00 00 using /usr/lib64/pcsc/drivers/libifd-cyberjack.bundle/Contents/Linux/libifd-cyberjack.so
Jun 30 12:04:40 dhcp129-237 pcscd: readerfactory.c:877:RFBindFunctions() Loading IFD Handler 3.0
Jun 30 12:04:43 dhcp129-237 pcscd: readerfactory.c:249:RFAddReader() Using the pcscd polling thread
Jun 30 12:04:43 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted
Jun 30 12:04:43 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted




Jun 30 12:06:25 dhcp129-237 pcscd: eventhandler.c:429:EHStatusHandlerThread() Card inserted into REINER SCT cyberJack RFID komfort (6900486104) 00 00
Jun 30 12:06:25 dhcp129-237 pcscd: Card ATR: 3B 88 80 01 00 00 00 00 80 81 C1 00 C9 
Jun 30 12:06:25 dhcp129-237 pcscd: prothandler.c:128:PHSetProtocol() Attempting PTS to T=1




Jun 30 12:06:59 dhcp129-237 pcscd: eventhandler.c:361:EHStatusHandlerThread() Card Removed From REINER SCT cyberJack RFID komfort (6900486104) 00 00
Jun 30 12:06:59 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted
Jun 30 12:06:59 dhcp129-237 pcscd: winscard.c:362:SCardConnect() Card Not Inserted


Shouldn't we be able to view the certs on the card to clearly say that the card has been detected? Are the above log messages sufficient to verify this bug?

Comment 33 Bob Relyea 2014-06-30 16:58:13 UTC

Roshi,

So the issue is the reader is both a contactless reader and a contact reader, and the cards we have the 'work' with the reader are both contactless and contact, but we only support the contact part. 

It seems the reader does not like to use both at the same time, and it doesn't separate the contact card from the contactless interface well. In order to see something work, you need to get the contact part working (green light). If it flashes blue, ESC will see the card, but treat it as unformatted because coolkey doesn't support contact-less PIV. I find it's hit or miss whether or not I can get the reader to use the contact verses the contactless interface. When it uses the contact interface, everything works fine, but if it start flashing blue, it won't every switch to the contact interface.

In any event, you messages are fine. We can write a bug to support contactless in the future (that would make our testing of the reader easier).

bob

Comment 34 Robert Scheck 2014-06-30 18:07:09 UTC

(In reply to Roshni from comment #32)
> Jun 30 12:04:40 dhcp129-237 pcscd: hotplug_libhal.c:432:HPAddDevice() trying
> libusb scheme with: usb:0c4b/0501:libusb:002:006

[...]

> Are the above log messages sufficient to verify this bug?

From my personal point of view it would be sufficient - I am the reporter,
I wrote the patch and it is working for me :) Obviously I can not make any
decision for Red Hat QA but: If you try the same steps without my patch, I
bet that you have really less success.

Given that I am the reporter, I am willing to test this specific RPM also
here locally (which is hopefully the same like 1.5.2-13.el6_4 + my patch).

Comment 35 Roshni 2014-07-02 18:58:54 UTC

Upgraded to RHEL 6.6, the following cards got the green light on the reader blinking and were detected by ESC. This too was successful only after several attempts of removing and re-inserting the card. ESC also hung multiple times during the test.

PIV test cards 1,2,3,4,5,6,7,8,10,11,12,13,14,15
Oberthur smart card

PIV test cards 9 and 16 got the the green light on the reader blinking but ESC was not detecting the cards.

Verifying this bug and opened a new bug for the inconsistent behavior (not clearly identifying contact and contactless cards) of the reader https://bugzilla.redhat.com/show_bug.cgi?id=1115626

Comment 36 errata-xmlrpc 2014-10-14 06:36:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1463.html

Note You need to log in before you can comment on or make changes to this bug.