DNIe (OpenDNIe) - xhanulik/OpenSC GitHub Wiki
DNIe (OpenDNIe)
Support for DNIe cards got merged by code from the OpenDNIe fork, by pull request #168. The code is now in Master. OpenSC does not support the Spanish Ceres cards.
DNIe background
DNIe is one of the SpanishEid-s. Historically, there exists a patch for OpenSC which adds support for DNIe in OpenSC. There were two different OpenSC implementations for Spanish National eID card (DNIe) support
- The official one provided by Spanish irección General de la policía y de la Guardia Civil (DGP) was based in OpenSC-0.11.8, released under GPLv3. It's not being currently maintained.
- OpenDNIe was an alternate LGPL implementation, written from scratch based on several documents and forums around DNIe.
From the public administration point of view the card has been procured by the Ministry of Interior (DGP's DNIe office), The chip card is a ST19WL34 provided by ST Microelectrónics and software has been procured by Fabrica Nacional De Moneda y Timbre (FNMT-RCM).
- The DNIe card software is closely related to FNMT's Ceres card, being very similar in structure and design.
- OpenDNIe is copyright 2011 of Juan Antonio Martinez (GitHub).
Resources:
- The official home page for the Spanish DNIe
Card capabilities
This is what is present when you dump the pkcs15 structure of a DNIe
PKCS#15 Card [DNI electrónico]:
Version : 0
Serial number : 06B62458828132
Manufacturer ID: DGP-FNMT
Flags : Login required, PRN generation
PIN [PIN1]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x211], case-sensitive, initialized, integrity-protected
Length : min_len:4, max_len:16, stored_len:8
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Private RSA Key [KprivAutenticacion]
Object Flags : [0x3], private, modifiable
Usage : [0xC], sign, signRecover
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 2048
Key ref : 1 (0x1)
Native : yes
Path : 3f003f110101
Auth ID : 01
ID : 4130364236323435383832383133323230313031313131313634303236
GUID : {41303642-3632-3435-3838-323831333232}
Private RSA Key [KprivFirmaDigital]
Object Flags : [0x3], private, modifiable
Usage : [0x20C], sign, signRecover, nonRepudiation
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 2048
Key ref : 2 (0x2)
Native : yes
Path : 3f003f110102
Auth ID : 01
ID : 4630364236323435383832383133323230313031313131313634303236
GUID : {46303642-3632-3435-3838-323831333232}
Public RSA Key [KpuAutenticacion]
Object Flags : [0x3], private, modifiable
Usage : [0xC0], verify, verifyRecover
Access Flags : [0x12], extract, local
ModLength : 2048
Key ref : 1
Native : yes
Path : 3f003f110101
Auth ID : 01
ID : 4130364236323435383832383133323230313031313131313634303236
Public RSA Key [KpuFirmaDigital]
Object Flags : [0x3], private, modifiable
Usage : [0x2C0], verify, verifyRecover, nonRepudiation
Access Flags : [0x12], extract, local
ModLength : 2048
Key ref : 2
Native : yes
Path : 3f003f110102
Auth ID : 01
ID : 4630364236323435383832383133323230313031313131313634303236
X.509 Certificate [CertAutenticacion]
Object Flags : [0x3], private, modifiable
Authority : no
Path : 3f0060817004
ID : 4130364236323435383832383133323230313031313131313634303236
GUID : {41303642-3632-3435-3838-323831333232}
X.509 Certificate [CertFirmaDigital]
Object Flags : [0x3], private, modifiable
Authority : no
Path : 3f0060817005
ID : 4630364236323435383832383133323230313031313131313634303236
GUID : {46303642-3632-3435-3838-323831333232}
X.509 Certificate [CertCAIntermediaDGP]
Object Flags : [0x2], modifiable
Authority : no
Path : 3f0060617006
ID : 5330364236323435383832383133323230313031313131313634303236
GUID : {53303642-3632-3435-3838-323831333232}
Encoded serial : 02 10 642066C9997BAEE14402DA6EA422D649
Reading data object <0>
applicationName: 0000
Label: ADMIN_DatosFiliacion
applicationOID: NONE
Path: 3f0060317001
Auth ID: 01
Reading data object <1>
applicationName: 0000
Label: ADMIN_ImagenFacial
applicationOID: NONE
Path: 3f0060317002
Auth ID: 01
Reading data object <2>
applicationName: 0000
Label: ADMIN_ImagenFirma
applicationOID: NONE
Path: 3f0060317003
Auth ID: 01
Additionally there are some other data available:
-
Certificates used to stablish Secure Messaging Channel (according CWA14890-1 standard),
- EF 3F00/6020: ICC intermediate CA certificate in CVC (CardVerifiableCertificate) format,
- EF 3F00/601F: ICC Certificate (CVC format).
-
Extra information about card:
- EF 3F00/0006: IDESP (Card Serial Number),
- EF 3F00/2F03: DNIe card software version (not available in every cards),
- Chip Serial Number can be obtained by mean of APDU 90 B8 00 00 07,
- There is no EF(ATR) nor ED(DIR) files available,
- PIN related data are stored at 3F00/0000, but no read/write operations available on this EF.
DataObjects shown in pkcs15 structure are only readable with special unpublished software at Police's office
Public and Private keys are stored together in the same EF (A proprietary file type 15 is returned from FCI) so public keys are not readable, and need to be extracted from certificates
The card stores Three certificates (PIN-CHV1 protected):
- User Certificate (Authentication),
- User Certificate (Signature),
- Intermediate CA Certificate.
These certificates are stored in compressed format.
ATR Info
From DGP's page:
Tag Value Meaning
TS 0x3B Direct Convention
T0 0x7F Y1=0x07=0111; TA1,TB1 y TC1 present.
K=0x0F=1111; 15 historical bytes
TA1 0x38 FI (Factor de conversión de la tasa de reloj) = 744
DI (Factor de ajuste de la tasa de bits) = 12
Máx 8 Mhz.
TB1 0x00 No Vpp (programming voltage) required
TC1 0x00 No additional wait time required.
H1 0x00 Not used
H2 0x6A Issuer data (10 bytes)
H3 0x44 'D'
H4 0x4E 'N'
H5 0x49 'I'
H6 0x65 'e' ( stands for 'DNIe' keyword )
H7 Incorporated Match-On-Card technology issuer
0x10 SAGEM
0x20 SIEMENS
H8 0x02 IC manufacturer: STMicroelectronics.
H9 0x4C
H10 0x34 IC type: 19WL34
H11 0x01 MSB OS version: 1
H12 0x1v LSB OS version: 1v
H13 Life cycle phase
0x00 pre-personalization.
0x01 personalization.
0x03 user.
0x0F final.
H14 0xss
H15 0xss (2) Status bytes
H13-H15: 0x03 0x90 0x00 user phase
H13-H15: 0x0F 0x65 0x81 final phase: unoperative card
The ATR's and masks used in OpenSC are:
- Running (user lifecycle) cards:
3B:7F:00:00:00:00:6A:44:4E:49:65:00:00:00:00:00:00:03:90:00
,FF:FF:00:FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:FF:FF:FF
.
- Invalidated (final phase) cards
3B:7F:00:00:00:00:6A:44:4E:49:65:00:00:00:00:00:00:0F:65:81
,- FF:FF:00:FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:FF:FF:FF.
Supported algorithms
- DNIe supports PKCS1 padding and SHA1 hashes with 1024/2048bit RSA keys
Known issues and incompatibilities
- Secure Messaging according CWA14890 standard is used to perform any critical task
- DNIe does not support Logical Channels as described in ISO7816-4. So every communication with the card require the use of a single SM channel. This leads to many concurrency problems
- DNIe requires PIN (CHV1) to access UserCertificates
- As shown in pkcs15 tree, public and private keys are stored together in the same EF file, this
makes
pkcs15-tool --read-public-keys
to fail - The chip is prone to self-destroy on voltage level changes. NEVER plug/unplug reader with DNIe inserted
- Some critical task needs to be done at Police's station with special hard/soft: Change/unlock pin, Certificate renewal
- DNIe does not support APDU chaining, instead envelope cmd is issued by mean of a proprietary APDU (CLA 90 + envelope cmd)
OpenDNIe implementation
Current implementation of DNIe OpenSC driver consists in:
card-dnie.c
driver,pkcs15-dnie.c
emulator layer,cwa14890.c
card-independent implementation for CWA14890 standard for Secure Messaging,cwa-dnie.c
DNIe Data provider for cwa14890.c, that provides (local) keys and certificates required to complain with cwa14890 SM protocol,- a wrap function for sc_transmit_apdu() method, that catches al apdu requests, and translates into SM format when required,
- several glue patches.