On 2012-01-17 17:43:00, Space Cake wrote: > Hi, > > I'm trying to use an aladdin token to access some sensitive information. > Unfortunately I'm getting the following error message > > vlad@brutal ~ $ ecryptfs-manager > > eCryptfs key management menu > ------------------------------- > 1. Add passphrase key to keyring > 2. Add public key to keyring > 3. Generate new public/private keypair > 4. Exit > > Make selection: 2 > [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders > failed: 0x8010002e > [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with: > No readers found > Select key type to use for newly created files: > 1) tspi > 2) passphrase > 3) openssl > 4) pkcs11-helper > Selection: 4 > [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders > failed: 0x8010002e > [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with: > No readers found > [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders > failed: 0x8010002e > [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with: > No readers found > PKCS#11 Serialized ID: > Passphrase (empty for interactive): > Optional X.509 Certificate PEM file: > Error processing key generation decision graph; rc = [-5] > > I can see the card from pkcs11-tool > > vlad@brutal ~ $ pkcs11-tool -L > [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders > failed: 0x8010002e > [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with: > No readers found > [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders > failed: 0x8010002e > [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with: > No readers found > Available slots: > Slot 0 Aladdin eToken PRO > token label: OpenSC Card (vlad) > token manuf: OpenSC Project > token model: PKCS#15 > token flags: login required, PIN initialized, token initialized > serial num : 262119072909 > > any idea? same token is working for ssh login It is likely a bug with the eCryptfs pkcs11-helper key module. It doesn't get much use and neither of us eCryptfs maintainers have the appropriate hardware to test it (it was contributed by the pkcs11-helper maintainer, IIRC). Feel free to file a bug in launchpad: https://bugs.launchpad.net/ecryptfs/+filebug But do keep in mind that we don't have the needed hardware to fix it. I've looked into buying an eToken PRO for personal use, but sourcing just one in the US didn't seem to be very easy at the time. Tyler
Attachment:
signature.asc
Description: Digital signature