Exploring Servis24 certificate card from the Česká spořitelna bank

Česká spořitelna is one of the the largest banks in Czech Republic. I am client of this bank for a long time and satisfied with their services. One of the services I am using is an internet-bank (Servis24).

It is web-based and works from Firefox without problem. Only issue for me was SMS confirmation for every transaction – i found that SMS delivery in roaming is not always reliable. Also i dislike password-based authentication. So I decided to order card for certificate.

How to get the card?

I got my card in the local branch. When you are getting the card it already contain PIN and PUK codes, but no certificate installed. It is possible to buy card with cardreader or separately (my choice). Also you will get special code to get certificate.

How it works?

Unfortunately certificate functionality works only in windows. Card itself is a modified Gemalto (TOP GX4 72k?), issued by Monet+ company. Unfortunately it is not recognized by OpenSC and all known drivers seems to fail with this card. For integration with browser  plugin named “PKI Klientská aktivní komponenta ČSAS” (file: npPKIComponentNPAPI.dll) used. This plugin provides JavaScript API later used inside internet-bank application. I was not able to find Linux version of it. In Windows running in VirtualBox it works perfectly.

To start working with the card you will need to login to the servis24 using login/password and use certificate manager menu. It will format card, generate private key and create CSR. After this you will be able to request certificate. In my case certificate was ready in about 10 minutes. It is also possible to change PIN in the certificate manager menu.

What is on the card?

I found that it is possible to explore the card because there is PKCS #11 module “\Documents and Settings\Owner\Application Data\CSAS\lib\x86\csep11.dll”. It is possible to use it with OpenSC project.

For example, to list supported cyphers:

pkcs11-tool.exe --module  "C:\Documents and Settings\Owner\Application Data\CSAS\lib\x86\csep11.dll" --list-mechanism
Supported mechanisms:
RSA-PKCS-KEY-PAIR-GEN, keypairgen
RSA-PKCS, sign, verify, wrap, decrypt, other flags=0x20000
RSA-X-509, sign, verify, wrap, decrypt, other flags=0x20000
MD5, digest
MD2, digest
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
DES-ECB, wrap, unwrap, encrypt, decrypt, other flags=0x20000
DES-CBC, encrypt, decrypt
DES3-ECB, wrap, unwrap, encrypt, decrypt, other flags=0x20000
DES3-CBC, encrypt, decrypt
SHA1-RSA-PKCS, sign
SHA256-RSA-PKCS, sign

It is possible to list objects on the card using –list-objects command:

Object 1, type 5
Certificate Object, type = X.509 cert
label:      I.CA Root Certificate 09-2009
ID:         <id_number>
Public Key Object; RSA 2048 bits
label:      CryptoPlus2-0100-XXXXXXX
ID:         <id_number>
Usage:      none
Data object 4
label:          ''
application:    ''
app_id:         <empty>
flags:
Certificate Object, type = X.509 cert
label:      CryptoPlus2-0100-XXXXX
ID:         <id_number>

Some interesting findings:

1. Card contain standard SSL certificate issued by I.CA (První certifikační autorita, a.s. – local Czech certification authority) and I.CA root cert. Certificate valid for 1 year from issue date.
2. Label (replaced with XXX) contains card number (printed on card).
3. Solution is based on CryptoPlus product from Monet+ a.s.
4. Certificate itself is extractable and contain my name, address and email inside. Key usage is specified as “TLS Web Client Authentication, E-mail Protection”.
5. Public key is 2048bit length.  If used with –login option pkcs11-tool will ask for a pin and will add private key to the list of objects. Key is not extractable (and probably locally-generated).
6. It should be possible to use this card for SSH authentication or Email signing/encryption in Windows, because PKCS #11 API seems to be implemented correctly.
7. It should be possible to reverse engineer card protocol and re-impement plugin in Linux. Unfortunately its a dead-end, because internet-banking rely on npPKIComponentNPAPI plugin, which is also closed source and implements undocumented API.
8. Card ATR is VERY similar to OpenCard – Czech card for public local transport. Reason is very simple – implementation was done by the same company – Monet+ a.s..

Conclusion

For me it is not a big problem to use VirtualBox with this card, but I am very unsatisfied with the chosen method and technology. Instead of relying on standard technologies like PKCS#11 for website authentication and Java applet with PKCS#11  for signing developers re-implemented the wheel. Card itself also contain modified firmware, so i was not able to read it using pkcs15-tool. All middle-ware components are closed-source, without any kind of documentation. I am not trusting “security by obscurity” solutions, so recommending to not leave card in the slot when not in use. Especially if your reader is without pin-pad.