# ReinerSCT cyberjack pinpad USB smartcard reader (Ver. 0x300)

## Master One

I am trying to get that smartcard reader operational for days now, and it seems I am completely lost.

I emerged the necessary software using the cyberjack-2.0.9.ebuild from this bug.

I already gave feedback to that bug, but maybe someone here in the forum has an idea, what I'm missing here.

This is about the smartcard reader version with the ProductID 0x300. The driver for this new generation of cyberJack readers is implemented 100% in userspace. This means no trouble with different kernel versions, compiling/patching the kernel, ... All accesses are done via the usb devfs in /proc/bus/usb. Permission handling is done only via the hotplug mechanism. The cyberjack.usermap directs the usb.agent to execute the usbcyberjack script. This script then dynamically updates the permissions of the respective device, so users in the group cyberjack are able to access it.

I emerged the package with USE="-pcsc-lite +usb" (because I have no idea, what it's all about this pcsc-lite).

When I try the enclosed test-application cjgeldkarte, the green LED on the cardreader blinks, but the program just reports "Unknown card." (having my bank's Maestro card inserted, which also contains my a-trust certificate for digital signatures).

So the communicated using ctapi accessing the cardreader using the usbfs seems generally be working, although I don't know, if cjgeldkarte should give any result with my card, and if the green LED blinking is enough for a function-test.

I want to use this setup mainly for digitally signing documents and for online-banking. The appropriate software for my purposes is written in java and comes from SecCommerce (my bank uses their applets for online-banking as well).

The problem is now, that those java applets always only tell "No cardreader found", and there does not seem to be any possibility to do any configuration.

I don't really understand, how this is working at all, so how such an application is searching for a connected smartcard-reader device.

Because my 0x300 unit is accessed directly over the usbfs (so /proc/bus/usb), there is no entry for an USB device in /dev at all. The udev-rule, that is included with this installation, is of no use in that case, because there is no ttyUSB (using latest ~x86 udev) -> After some more reading, I can see, that the stuff about the /dev entries only applies to the 0x100 model of the cardreader, for which the USB Serial Converter kernel module is creating that device node.

When I go to this page, there are some possibilities for configuration, but those make no sense. If I select "automatic search", nothing happens. If I select "CT-API", a port (1-4) has to be chosen (?). It also has the selection "PC/SC", which disables the port-selection, but I don't have pcsc-lite installed & enabled for use with the cyberjack driver, simply because I thought, it surely has to be working without that additional package as well (and as far as I know, it really should).

The clue is now, that when using my banks online-banking access for use with my signature-smartcard, the used java applet does not show anyhing to configure at all, it just tells "no cardreader found", and that's it. So there has to be some magic, telling the used application, where to find the cardreader, and which library to use to access it.

So please someone tell me:

- What am I missing here? If my installation is not the problem, how is it supposed to work?

- Or do I need to re-emerge cyberjack with USE="+pcsc-lite"? But what do I have to configure, after I've done that, to make it work as supposed to?

----------

## tuXXer

Doesn't know if it works for you, but here how I got the SecCommerce applet working with my cyberJack (Ver. 0x100):

1. Emerge pcsc-lite

2. Install cyberjack ebuild

3. Copying content of /etc/reader.conf.cyberjack to /etc/reader.conf

4. Changing the Channel-ID to 0, so my /etc/reader.conf reads:

# Configuration file for pcsc-lite

# David Corcoran <corcoran@linuxnet.com

FRIENDLYNAME     "Generic Reader"

DEVICENAME       GEN_SMART_RDR

LIBPATH          /usr/lib/readers/usb/libgen_ifd.so

CHANNELID        0x0103F8

# REINER SCT cyberJack pinpad/e-com USB

FRIENDLYNAME    "REINER SCT cyberJack pinpad/e-com USB"

DEVICENAME      REINERSCT_CYBERJACK_USB

LIBPATH         /usr/lib/readers/libcyberjack_ifd.so

CHANNELID       0x000000

5. Starting pscs daemon /etc/init.d/pcscd start

6. Starting applet

----------

## Master One

Thank's for the hint, tuXXer, this way I got it to work with pcsc-lite. Using PC/SC, instead of CT-API, I could positively test the SecCardAdmin applet from the SecCommerce website, as well as the downloaded SecSigner, but not my banks SecCommerce applet for accessing my online-banking-account using my a-trust signature smartcard.

After some more fiddling around today, I called SecCommerce, and I was told, that my bank has intentionally disabled PC/SC support, because they don't want to support that interface, to only allow a certified cardreader (or just a Reiner SCT cardreader terminal at all) to be used with their SecCommerce application (probably some issues about the PIN code entry using the cardreaders keyboard). Too bad, so I had to unmerge pcsc-lite again, and concentrate once more on getting it to work with the CT-API solely.

After some more fiddling, I finally could get the CT-API access working, by copying ctapi-cyberjack.so to /usr/lib/ctapi.so (it was mentioned in the readme, but because cjgeldkarte also found the library without doing so, I thought it would not be necessary). The cardreader is now found on Port1 of CT-API.

The problem is now, that it works just fine with the SecCardAdmin applet from the SecCommerce website, and the SecCommerce applet of my bank, but the downloaded SecSigner is not working any more. This is really driving me nuts, because I have no idea, if this is now a problem of SecSigner with CT-API access, or with the Reiner SCT CT-API itself (at least it is no problem with the usbfs access, so no more doubts about not having any /dev USB entry).

I tried to analyse the problem with SecSigner accessing CT-API in the JAVA console:

```
21.12.2005 15:44:56:745 SearchSmartCardThread-1: Prefered Reader = CT-API Port1 Reiner SCT cyberJack null

21.12.2005 15:44:56:750 SearchSmartCardThread-1: Will try  _ctCybJk _ctCashM _ctKaan _ctTowi _ctOrga _ctCardM _ctChipP _ctCherry _PKCS11_ID2 _PKCS11_ZKA _PKCS11_SIEMENS _direct _pcsc

21.12.2005 15:44:56:764 SearchSmartCardThread-1: Load lib: /home/master/.seccommerce/temp/sio59756tmp

21.12.2005 15:44:56:770 SearchSmartCardThread-1: CtApi will try  _ctCybJk _ctCashM _ctKaan _ctTowi _ctOrga _ctCardM _ctChipP _ctCherry

21.12.2005 15:44:56:776 SearchSmartCardThread-1: load extralib libusb.so

21.12.2005 15:44:56:781 SearchSmartCardThread-1: load libctapi.so

21.12.2005 15:44:56:800 SearchSmartCardThread-1: Reader preference CT-API Port1 Reiner SCT cyberJack null was no success. java.lang.NoSuchMethodError: seccommerce.smartcard.ctapi.CtApi.setPort(I)V

21.12.2005 15:44:56:803 SearchSmartCardThread-1: CT-API failed: seccommerce.sec.SecExceptionCommunication: The prefered reader was not found. Status -1
```

In the shown applet windows it tells (translated from German):

```
Driverdownload:OK

Interface:CT-API Port1

CT-API Port1 Reiner SCT cyberjack null not found

CT-API Port1 Reiner SCT cyberjack null not found
```

After that failure the browser (Firefox V1.5) has to be restarted, before it's working again with my bank's SecCommerce applet or the SecCardAdmin applet (so it looks like the attempt with SecSigner crashes something). The following snippet from the JAVA console shows, what happens if I try to access the SecCardAdmin applet after the failure with SecSigner:

```
21.12.2005 16:02:53:988 SearchSmartCardThread-1: Prefered Reader = CT-API Port1 Reiner SCT cyberJack null

21.12.2005 16:02:53:988 SearchSmartCardThread-1: Will try  _ctCybJk _ctCashM _ctKaan _ctTowi _ctOrga _ctCardM _ctChipP _ctCherry _direct _pcsc

21.12.2005 16:02:54:011 SearchSmartCardThread-1: Load lib: /home/master/.seccommerce/temp/sio26119tmp

21.12.2005 16:02:54:012 SearchSmartCardThread-1: CtApi will try  _ctCybJk _ctCashM _ctKaan _ctTowi _ctOrga _ctCardM _ctChipP _ctCherry

21.12.2005 16:02:54:012 SearchSmartCardThread-1: load extralib libusb.so

21.12.2005 16:02:54:012 SearchSmartCardThread-1: load libctapi.so

21.12.2005 16:02:54:023 SearchSmartCardThread-1: CT_init pn=1, seccardadmin.ai: CT-API: ERR_INVALID Status -1

21.12.2005 16:02:54:025 SearchSmartCardThread-1: CT_init pn=2, seccardadmin.ai: CT-API: ERR_INVALID Status -1

21.12.2005 16:02:54:026 SearchSmartCardThread-1: CT_init pn=3, seccardadmin.ai: CT-API: ERR_INVALID Status -1

21.12.2005 16:02:54:026 SearchSmartCardThread-1: CT_init pn=4, seccardadmin.ai: CT-API: ERR_INVALID Status -1

21.12.2005 16:02:54:026 SearchSmartCardThread-1: Reader preference CT-API Port1 Reiner SCT cyberJack null was no success. seccardadmin.ai: No usable CT-API port Status -1

21.12.2005 16:02:54:042 SearchSmartCardThread-1: CT-API failed: seccardadmin.ai: The prefered reader was not found. Status -1
```

And this shows the successful attempt with SecCardAdmin after the browser-restart:

```
21.12.2005 16:06:54:286 SearchSmartCardThread-1: Prefered Reader = CT-API Port1 Reiner SCT cyberJack null

21.12.2005 16:06:54:299 SearchSmartCardThread-1: Will try  _ctCybJk _ctCashM _ctKaan _ctTowi _ctOrga _ctCardM _ctChipP _ctCherry _direct _pcsc

21.12.2005 16:06:54:327 SearchSmartCardThread-1: Load lib: /home/master/.seccommerce/temp/sio48877tmp

21.12.2005 16:06:54:344 SearchSmartCardThread-1: CtApi will try  _ctCybJk _ctCashM _ctKaan _ctTowi _ctOrga _ctCardM _ctChipP _ctCherry

21.12.2005 16:06:54:361 SearchSmartCardThread-1: load extralib libusb.so

21.12.2005 16:06:54:373 SearchSmartCardThread-1: load libctapi.so

21.12.2005 16:06:54:420 SearchSmartCardThread-1: Card reader found: CT-API Port1 Reiner SCT cyberJack null

21.12.2005 16:06:54:423 SearchSmartCardThread-1: Ignored: Cannot output text on reader: seccardadmin.ai: Cannot output text on MKT reader:  Message from smart card: instruction code not supported or invalidated Status -1

21.12.2005 16:06:54:489 SearchSmartCardThread-1: Prefered Card = A-Trust ECC

21.12.2005 16:06:54:490 SearchSmartCardThread-1: Identifying inserted smart card

21.12.2005 16:06:54:491 SearchSmartCardThread-1: Will try smartcards  _atSigG _atECC _tcIdentr _telesec _signtrust _medisign _tcSigG _zka _sTrust _webSign+ _dTrGPK _dTrMic _obIdentr _datev _kvk _vw _postecert _siemensMA _ceres _drv

21.12.2005 16:06:54:547 SearchSmartCardThread-1: IID null

21.12.2005 16:06:54:628 SearchSmartCardThread-1: SmartCard found: A-Trust ECC

21.12.2005 16:06:54:628 SearchSmartCardThread-1: Smartcard reader firmware:  V3.0

21.12.2005 16:06:57:548 Thread-9: smartcard reader: CT-API Port1 Reiner SCT cyberJack null

21.12.2005 16:06:57:549 Thread-9: smartcard reader firmware:  V3.0

21.12.2005 16:06:57:549 Thread-9: smartcard: A-Trust ECC

21.12.2005 16:06:57:570 Thread-9: readerStr: CT-API Port1 Reiner SCT cyberJack null

21.12.2005 16:06:57:570 Thread-9: Reader name: Reiner SCT cyberJack null

21.12.2005 16:06:57:570 Thread-9: Adding previously unknown card <A-Trust ECC> to list of available cards
```

This results in the question, if this is a problem with the CT-API from Reiner SCT itself, or if it is a bug in the SecSigner applet (which may be the case, considering the shown message "java.lang.NoSuchMethodError: seccommerce.smartcard.ctapi.CtApi.setPort(I)V").

The Reiner SCT CT-API generally seems to be working now, I can access my bank's website and the SecCardAdmin on the website of SecCommerce and swap between these two without any problem. The cardreader and the inserted card are properly found every time. That's why I assume, that there is a problem in the SecSigner applet when using the access over CT-API (because SecSigner worked when using PC/SC as interface, but this is of no use, because due to the mandatory "locking" both interfaces can not be used at the same time).

I already forwarded all this info to SecCommerce, so that hopefully someone will analyse that data.

I really want to have this matter solved, it can be a pain in the ass, if something is only half working.

Any further input is highly appreciated.

BTW All my tests were done in Firefox V1.5, because although Konqueror (KDE 3.5) is my browser of choice, I could not get it to run with Konqueror at all. I have no idea, what that is all about, because I really would assume, that Konqueror should just work fine with any JAVA applet. In the Konqueror setup under JAVA & JavaScript I have the following options set:

```
Activate Java globally (is set)

Use Security Manager (is set)

Shut down server for applets when inactiv (is set)

Timelimit for applet-server (60 sec)

Path to executable java-file or "java" (set to /opt/sun-jdk-1.4.2.10/bin/java)
```

I already played around with those settings, but no success. I can't even tell, what the problem could be, because the JAVA console does not open at all, if Konqueror is used, and the SecCommerce applet window just flashes that quickly, that it is impossible to tell, what it's showing, just leaving a popup with "Cardreader not found"...

Any ideas?

----------

## Master One

So, in the meantime, it is generally working with access over CT-API. The problem with the SecCommerce SecSigner applet seems to be a problem with the applet itself, SecCommerce is already investigating that matter.

Nevertheless I still could not get it to work at all in Konqueror, and I have no idea, what the problem could be.

Does really nobody have a clue, if this is a problem of Konqueror, the way it is handling JAVA applets, how to solve such a matter? Maybe it has something to do with the setting "Use KIO"? And how can I get the JAVA console to appear, when using Konqueror? ... I know, these are no problems related to "Kernel & Hardware", but I still think it fits best into this thread.

----------

