Re: Coolkey use problems on opensuse 11.3 with latest coolkey & opensc packages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

On Jan 30, 2011, at 8:20 PM, guy zelck wrote:
> I'm trying to use my Actividentity ACTIVEKEY SIM (a usb stick) in order to authenticate myself in various domains (pam_pkcs11, company vpn, websites via Firefox).
> With the stock opensuse 11.3 setup I couldn't get pkcs11_inspect (from pam_pkcs11 pkg) to work. The sim has a number-only password but I'm never asked for it.
> So I decided to upgrade to all the latest packages. 
> Result is that it still doesn't work, neither pksc11_inpspect nor Firefox seem to be happy (the latter freezes for a minute or more).
I've heard that opensuse has Problems with smart card readers and/or openssl, which the same software on Fedora or Ubuntu does not have. Nevertheless, your problems are quite generic.

First, coolkey and OpenSC are different things. You should figure out which one you want to use first. Don't expect same results from different software, even though in theory they could be interchangeable.


> Opensuse 11.3 had just recently released rpm packages with all the latest opensc, pcsc-lite, ... versions, including the latest coolkey build (there where some issues : https://bugzilla.novell.com/show_bug.cgi?id=661643#c4).
> I've downloaded the source packages and compiled them to make sure they complied with my system (http://download.opensuse.org/source/distribution/11.3/repo/oss/suse/src/).
> 
> These are the packages I've installed :
> 
> coolkey-1.1.0-259.1.src.rpm                                                                                        
Either this or OpenSC

> engine_pkcs11-0.1.8-8.1.src.rpm                                                                                    
> libp11-0.2.7-17.1.src.rpm                                                                                          
> openct-0.6.20-21.1.src.rpm
Don't use OpenCT, you don't need it.


> opensc-0.12.0-27.1.src.rpm
> pam_p11-0.1.5-13.1.src.rpm
> pam_pkcs11-0.6.6-11.1.src.rpm
> pcsc-ccid-1.4.1-18.1.src.rpm
> pcsc-lite-1.6.6-41.1.src.rpm
> pcsc-perl-1.4.11.tar.bz2
> pcsc-tools-1.4.17.tar.gz
> 
> The pcscd daemon starts up from withing /etc/init.d but then shuts itself down (light = red)  and comes on (light = green) on demand since the latest pcsc-lite version and I can get some information using the various tool commands but I'm unable to retrieve the key from it.
pcscd is a lowlevel daemon, it knows nothing about keys or how to retrieve them.


> # pkcs11-tool  --module /usr/lib/libcoolkeypk11.so --list-slots (--pin xxxxxx) supplying pin makes no difference.
Listing slots does not require a PIN so supplying it is not necessary (and must not make a difference)

> 
> (Why these different results?)

See above. This is expected - they are different packages (without --module pkcs11-tool defaults to /usr/lib/opensc-pkcs11.so, see OpenSC ticket #307 [1]

> # opensc-tool -list-readers
> opensc 0.12.0 [gcc  4.5.0 20100604 [gcc-4_5-branch revision 160292]]
> Enabled features: zlib readline openssl pcsc(libpcsclite.so.1)
> # Detected readers (pcsc)
> Nr.  Card  Features  Name
> 0    Yes             Activkey Sim 00 00
> Using reader with a card: Activkey Sim 00 00
> APDU too short (must be at least 4 bytes).
> 
> Never is there any request for a password at any time
Software does not seem to support your card. Nor should listing smart card readers request a PIN code.

> I've upgrade libusb-1 too :
> libusbmuxd1-1.0.4-1.6.i586
> libusb-0_1-4-0.1.13-6.1.i586
> libusb-1_0-devel-1.0.8-3.9.i586
> libusb-1_0-0-1.0.8-3.9.i586
> libusbmuxd-devel-1.0.4-1.6.i586
> libusb-compat-devel-0.1.3-6.1.i586


I assume everything is working fine on USB level as well as reader level. Your card itself is not supported properly by Coolkey (or at least with OpenSC, which I know better than Coolkey, which I don't know at all)

[1] http://www.opensc-project.org/opensc/ticket/307
-- 
@MartinPaljak.net
+3725156495


_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux