Hello, On Jan 30, 2011, at 8:20 PM, guy zelck wrote: > I'm trying to use my Actividentity ACTIVEKEY SIM (a usb stick) in order to authenticate myself in various domains (pam_pkcs11, company vpn, websites via Firefox). > With the stock opensuse 11.3 setup I couldn't get pkcs11_inspect (from pam_pkcs11 pkg) to work. The sim has a number-only password but I'm never asked for it. > So I decided to upgrade to all the latest packages. > Result is that it still doesn't work, neither pksc11_inpspect nor Firefox seem to be happy (the latter freezes for a minute or more). I've heard that opensuse has Problems with smart card readers and/or openssl, which the same software on Fedora or Ubuntu does not have. Nevertheless, your problems are quite generic. First, coolkey and OpenSC are different things. You should figure out which one you want to use first. Don't expect same results from different software, even though in theory they could be interchangeable. > Opensuse 11.3 had just recently released rpm packages with all the latest opensc, pcsc-lite, ... versions, including the latest coolkey build (there where some issues : https://bugzilla.novell.com/show_bug.cgi?id=661643#c4). > I've downloaded the source packages and compiled them to make sure they complied with my system (http://download.opensuse.org/source/distribution/11.3/repo/oss/suse/src/). > > These are the packages I've installed : > > coolkey-1.1.0-259.1.src.rpm Either this or OpenSC > engine_pkcs11-0.1.8-8.1.src.rpm > libp11-0.2.7-17.1.src.rpm > openct-0.6.20-21.1.src.rpm Don't use OpenCT, you don't need it. > opensc-0.12.0-27.1.src.rpm > pam_p11-0.1.5-13.1.src.rpm > pam_pkcs11-0.6.6-11.1.src.rpm > pcsc-ccid-1.4.1-18.1.src.rpm > pcsc-lite-1.6.6-41.1.src.rpm > pcsc-perl-1.4.11.tar.bz2 > pcsc-tools-1.4.17.tar.gz > > The pcscd daemon starts up from withing /etc/init.d but then shuts itself down (light = red) and comes on (light = green) on demand since the latest pcsc-lite version and I can get some information using the various tool commands but I'm unable to retrieve the key from it. pcscd is a lowlevel daemon, it knows nothing about keys or how to retrieve them. > # pkcs11-tool --module /usr/lib/libcoolkeypk11.so --list-slots (--pin xxxxxx) supplying pin makes no difference. Listing slots does not require a PIN so supplying it is not necessary (and must not make a difference) > > (Why these different results?) See above. This is expected - they are different packages (without --module pkcs11-tool defaults to /usr/lib/opensc-pkcs11.so, see OpenSC ticket #307 [1] > # opensc-tool -list-readers > opensc 0.12.0 [gcc 4.5.0 20100604 [gcc-4_5-branch revision 160292]] > Enabled features: zlib readline openssl pcsc(libpcsclite.so.1) > # Detected readers (pcsc) > Nr. Card Features Name > 0 Yes Activkey Sim 00 00 > Using reader with a card: Activkey Sim 00 00 > APDU too short (must be at least 4 bytes). > > Never is there any request for a password at any time Software does not seem to support your card. Nor should listing smart card readers request a PIN code. > I've upgrade libusb-1 too : > libusbmuxd1-1.0.4-1.6.i586 > libusb-0_1-4-0.1.13-6.1.i586 > libusb-1_0-devel-1.0.8-3.9.i586 > libusb-1_0-0-1.0.8-3.9.i586 > libusbmuxd-devel-1.0.4-1.6.i586 > libusb-compat-devel-0.1.3-6.1.i586 I assume everything is working fine on USB level as well as reader level. Your card itself is not supported properly by Coolkey (or at least with OpenSC, which I know better than Coolkey, which I don't know at all) [1] http://www.opensc-project.org/opensc/ticket/307 -- @MartinPaljak.net +3725156495 _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
