Friday 26 October 2012

Smartcards (HST) and Ubuntu 12.04 Linux

This summarizes a partial success in using a smartcard under Linux.

Ubuntu workarounds:

I had problems getting the reader to be found by the system. In the end, running pcscd in the foreground in debug mode at least seemed to work (as root):
bash> sudo pcscd -f -d
As a first check, try listing the readers:
bash> opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             SCM SCR 3310 [CCID Interface] 00 00
Then check the supported algorithms:
bash> opensc-tool --list-algorithms
Using reader with a card: SCM SCR 3310 [CCID Interface] 00 00
Algorithm: rsa
Key length: 1024
Flags: padding ( pkcs1 ) hashes ( sha1 )

Algorithm: rsa
Key length: 2048
Flags: padding ( pkcs1 ) hashes ( sha1 )

Certificates:

First check the available certificates:

bash> pkcs15-tool -c

Then extract, e.g., the certificate with ID=48 (Root CA in my case):
bash> pkcs15-tool -r 48 > vrkrootca.pem
Convert from PEM/Base64 to plain binary:
bash> grep -v "CERTIFICATE" vrkrootca.pem |base64 -d >vrkrootca.crt
To cross-check that everything is as it should be, the same certificate can be downloaded from the Internet. The certificate is installed in Firefox simply by opening the file.
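The cross-check described above can be done by hashing the DER bytes of both files, as in this added example (not part of the original post). The file names and sample bytes are constructed stand-ins; with a real card you would pass vrkrootca.pem and the downloaded file to same_cert.

```sh
#!/bin/sh
# Added example: compare two certificate files by SHA-256 over their DER bytes.

# pem_to_der FILE: drop the PEM armor lines and base64-decode the body.
pem_to_der() {
    grep -v -- '-----' "$1" | base64 -d
}

# cert_digest FILE: hex SHA-256 of the DER encoding; accepts PEM or DER input.
cert_digest() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        pem_to_der "$1" | sha256sum | cut -d' ' -f1
    else
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# same_cert A B: exit status 0 only when both files carry identical DER bytes.
same_cert() {
    a=$(cert_digest "$1")
    b=$(cert_digest "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# make_samples DIR: constructed stand-ins (arbitrary bytes, not real
# certificates) for the card extract (PEM), the downloaded copy (DER)
# and a download that differs in one byte.
make_samples() {
    printf 'constructed sample bytes standing in for a DER certificate' > "$1/download.crt"
    { echo '-----BEGIN CERTIFICATE-----'
      base64 "$1/download.crt"
      echo '-----END CERTIFICATE-----'; } > "$1/card.pem"
    printf 'constructed sample bytes standing in for a DER certificatE' > "$1/modified.crt"
}

# Demo: compare the card extract against both downloads.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in download.crt modified.crt; do
    if same_cert "$tmp/card.pem" "$tmp/$f"; then
        echo "$f: matches card certificate"
    else
        echo "$f: DIFFERS from card certificate"
    fi
done
rm -rf "$tmp"
```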

Public keys:

Available keys can be listed with:
bash> pkcs15-tool --list-keys
My HST-card had two private RSA-keys, which can be extracted in SSH format:
bash> pkcs15-tool --read-ssh-key 45 
bash> pkcs15-tool --read-ssh-key 46
The public key can be set up for SSH as follows:
  • Extract the public SSH key (see above)
  • Add it to ~/.ssh/authorized_keys at the destination host with correct prefix, e.g.,
    from="*" ssh-rsa AAA...
  • Log in to the remote host with the smartcard:
    bash> ssh -I /usr/lib/opensc-pkcs11.so user@remote.host.org
Note that ssh-add did not seem to work currently under Ubuntu, at least not for me. 

Cryptographic Mechanisms:

bash> pkcs11-tool -M --module /usr/lib/opensc-pkcs11.so
  SHA-1, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-X-509, keySize={1024,2048}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={1024,2048}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,2048}, sign, verify
  SHA256-RSA-PKCS, keySize={1024,2048}, sign, verify
  MD5-RSA-PKCS, keySize={1024,2048}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={1024,2048}, sign, verify 

Computing a hash (digest):

bash> pkcs11-tool --module /usr/lib/opensc-pkcs11.so --hash -m MD5 \
       --input-file readme --output-file readme.md5
The 16-byte result can be compared to the output of the md5sum utility with:
bash> od -x -t x1 readme.md5
bash> md5sum readme

Signing a hash:

bash> for i in RSA-X-509 RSA-PKCS SHA1-RSA-PKCS SHA256-RSA-PKCS \
           MD5-RSA-PKCS RIPEMD160-RSA-PKCS ; do
       pkcs11-tool --module /usr/lib/opensc-pkcs11.so --sign -m $i \
         --input-file readme --output-file readme.sign-$i
      done
Note that all except RSA-X-509 seemed to work (2012-10-26/Ubuntu 12.04).

Others and Links

  • pkcs15-tool --list-pins  lists PIN-codes
  • HST pages at linux.fi can be useful
  • Similarly, www.fineid.fi

Wednesday 4 January 2012

USB datacable as a temperature sensor (DS18B20)

Like many other amateur hobbyists, I also wanted to keep an eye on room temperatures using Dallas DS18B20 1-wire temperature sensors. I am using Linux, and digitemp software handles the software side. On the hardware side, the "standard" solution has been to run 1-wire sensors in parasitic mode,

as described in
However, as today's desktop computers rarely have a serial port anymore, the above approach is no longer self-evident. Leon Kos has written clear instructions on how to connect DS18B20 to "3.3 V serial port" of Linksys WRT routers:

http://www.lecad.fs.uni-lj.si/~leon/other/wlan/wrt54ow/

As many USB datacables for mobile phones actually include such a serial port AND a 5V output (of the USB port), we can easily adapt the above work. I managed to cheaply get a third-party datacable designed for Ericsson T39, T65, T68(i), ..., which includes a Prolific PL2303 serial port converter chip (see dmesg output in Linux), but any other similar cable should do the trick. Below is the schematic I used, which is essentially 1-to-1 with the latter design of Leon Kos.

The end result is illustrated below.

Based on a quick web search, it seems that at least the following mobile phones use 3.3V serial communication, and thus their data cables might work out (I only have experience with the Ericsson cable shown above):
  • Ericsson/Sony Ericsson: T39, T65, T68(i), T230, T3xx, T6xx, ...
  • Motorola V80, V300, V303, V400, V500, V501, V525, V600, ...
  • Siemens S/C25, S/C/M35 and S/SL/ME/M45
  • Nokia CA-42 and DKU-5 cables and their clones (see gnokii website)
Note also that you need +5V (or +3.3V) for the circuit.

Sunday 18 December 2011

DVD backups under Linux

I'm running Ubuntu 11.10 and needed to back up some DVD movies. Some available tools a quick web search suggested were:
  • dvdrip and acidrip, which both are frontends to (1) rip a movie from a disk and (2) to decode it (with mencoder?) to some more compact format such as divx, mpeg4 etc.
  • brasero allows one to create an iso-image of the disk.
  • Alternatively, one can use dvdbackup, i.e., simply type
        dvdbackup -M -i /dev/dvd -o ./dvdbackup/movie-abc
    which creates the DVD file structure into the given directory.
Brasero turned out to be an easy tool for my purpose, as at this stage I did not want to decode the videos, but just to take backups. At first everything went smoothly, until Brasero gave an error with one disk. At this point, I started to check other tools more closely. The first one, dvdbackup, was not successful either but reported
"Error cracking CSS key"

However, dvdrip was able to extract also the problematic movie and gave me an avi-file. Acidrip I did not try at this point. All along I did have appropriate libdvdread libraries installed.

I still wanted to use brasero, and in the end I tried setting a proper region code with regionset command. This solved the reading problem with brasero and dvdbackup. I do not know why dvdrip was OK without the regioncode setting.

In addition to the above, I also tried Thoggen, which decodes a movie. Unfortunately there was something wrong with resulting stream (missing frames?). There is also k9copy tool, which I have not tried (yet).

Tuesday 22 February 2011

LG Flatron L193ST and startup problems

After some 5-6 years, my monitor started to show problems when starting. In the end, the blue-yellow LED around the start button would simply blink for something like 15 minutes before the monitor started. And the delay appeared to grow longer every time. Once up and running, there were no more problems.