Zonatic DNIe

Para verificar el correcto funcionamiento de las librerías se pueden utilizar los comandos del software OpenSC para comprobar si el DNIe está correctamente configurado y si se puede acceder a los certificados. Para ello recomendamos los siguientes comandos:

• /Library/OpenSC/bin/opensc-tool -Dan

  Este comando devolverá qué drivers están instalados, el lector que se está usando y el ATR de la tarjeta. Una posible salida es la siguiente:

  Configured card drivers:
dnie DNIe card driver
ceres FNMT Ceres card
cardos Siemens CardOS
cardos Siemens CardOS
flex Schlumberger Multiflex/Cryptoflex
cyberflex Schlumberger Cyberflex
gpk Gemplus GPK
gemsafeV driver for the Gemplus GemSAFE V1 applet
miocos MioCOS 1.1
mcrd MICARDO 2.1
asepcos Athena ASEPCOS
setcos Setec cards
starcos STARCOS SPK 2.3/2.4
tcos TCOS 3.0
openpgp OpenPGP card
jcop JCOP cards with BlueZ PKCS#15 applet
oberthur Oberthur AuthentIC.v2/CosmopolIC.v4
belpic Belpic cards
atrust-acos A-Trust ACOS cards
muscle Muscle Card Driver
incrypto34 Incard Incripto34
piv PIV-II for multiple cards
acos5 ACS ACOS5 card
akis TUBITAK UEKAE AKIS
entersafe entersafe
rutoken Rutoken driver
rutoken_ecp Rutoken ECP driver
emv EMV compatible cards
default Default driver for unknown cards
Using reader with a card: MI LECTOR DNIE (00115893) 01 00
3b:7f:38:00:00:00:6a:44:4e:49:65:20:02:4c:34:01:13:03:90:00
dnie

  Como se puede comprobar, el driver del DNIe está configurado correctamente, ha contactado con el lector, ha recibido el ATR y ha identificado este ATR como de DNIe.

• /Library/OpenSC/bin/pkcs11-tool -lO

  Este comando intentará presentar PIN y acceder a los objetos del DNIe. Por lo tanto, comprobará primero que se establezca de forma adecuada el canal seguro y que tenga acceso a todos los elementos del DNIe. Una salida correcta del comando podría ser la siguiente:

  [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Security status not satisfied
[opensc-pkcs11] base_card.c:1208:card_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card_helper.c:326:card_helper_read_certificate_file: returning with: Security status not satisfied
[opensc-pkcs11] card_sync.c:880:card_sync_card_to_virtual_fs_certificate_file_callback: returning with: Security status not satisfied
[opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Security status not satisfied
[opensc-pkcs11] base_card.c:1208:card_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card_helper.c:326:card_helper_read_certificate_file: returning with: Security status not satisfied
[opensc-pkcs11] card_sync.c:880:card_sync_card_to_virtual_fs_certificate_file_callback: returning with: Security status not satisfied
[opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Security status not satisfied
[opensc-pkcs11] base_card.c:1208:card_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card_helper.c:83:card_helper_read_file: returning with: Security status not satisfied
[opensc-pkcs11] card_sync.c:995:card_sync_card_to_virtual_fs_data_file_callback: returning with: Security status not satisfied
[opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Security status not satisfied
[opensc-pkcs11] base_card.c:1208:card_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card.c:415:sc_read_binary: sc_read_binary() failed: Security status not satisfied
[opensc-pkcs11] card_helper.c:83:card_helper_read_file: returning with: Security status not satisfied
[opensc-pkcs11] card_sync.c:995:card_sync_card_to_virtual_fs_data_file_callback: returning with: Security status not satisfied
[opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Security status not satisfied
[opensc-pkcs11] base_card.c:1208:card_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card.c:430:sc_read_binary: returning with: Security status not satisfied
[opensc-pkcs11] card.c:415:sc_read_binary: sc_read_binary() failed: Security status not satisfied
[opensc-pkcs11] card_helper.c:83:card_helper_read_file: returning with: Security status not satisfied
[opensc-pkcs11] card_sync.c:995:card_sync_card_to_virtual_fs_data_file_callback: returning with: Security status not satisfied
Please enter User PIN:
Private Key Object; RSA
label: KprivAutenticacion
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Usage: sign
Certificate Object, type = X.509 cert
label: CertAutenticacion
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Public Key Object; RSA 2048 bits
label: KpuAutenticacion
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Usage: verify
Private Key Object; RSA
label: KprivFirmaDigital
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Usage: sign
Certificate Object, type = X.509 cert
label: CertFirmaDigital
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Public Key Object; RSA 2048 bits
label: KpuFirmaDigital
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Usage: verify
Data object 7
label: 'ADMIN_DatosFiliacion'
application: '0000'
app_id: -1
flags: modifiable private
Data object 8
label: 'ADMIN_ImagenFacial'
application: '0000'
app_id: -1
flags: modifiable private
Data object 9
label: 'ADMIN_ImagenFirma'
application: '0000'
app_id: -1
flags: modifiable private
Certificate Object, type = X.509 cert
label: CertCAIntermediaDGP
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Public Key Object; RSA 2048 bits
label: CertCAIntermediaDGP
ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Usage: encrypt, verify

  Con este comando, OpenSC intenta cargar todos los objetos sin presentar PIN. Esto genera errores de tipo Security status not satisfied. Una vez presentado el PIN, OpenSC lista todos los objetos a los que ha podido acceder.