The user PINs can be recovered as long as you still know the PIN of the security officer (SO PIN). If you forget the SO PIN, you are out of luck. You must reset the PINs. To do that, delete the files NVTOK.DAT, MK_USER and MK_SO from /var/lib/opencryptoki/<token>/, where <token> is "lite" for the ica token, "ccatok" for the cca token and "swtok" for the software token.

Best Regards

Reinhard

Dr. Reinhard Bündgen
RAS & Crypto Architect for Linux on System z
Virtualization and Systems Management
Mail: buend...@de.ibm.com
Phone: ++49-(0)7031-16-1130
Fax: ++49-(0)7031-16-3456

IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Martina Koederitz
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294

From: Marcy Cortes <marcy.d.cor...@wellsfargo.com>
To: LINUX-390@vm.marist.edu
Date: 05/26/2012 12:19 AM
Subject: Crypto question
Sent by: Linux on 390 Port <LINUX-390@vm.marist.edu>

So I was asked this about pkcsconf.
What if we lose our PINs? Can you find them or clear them?
I don't know! Where are these kept? It's got to be somewhere on the server itself or does the HW remember which virtual server has what pin? I can't think of anything in VM that would keep track of them.
This is for Linux under VM - CRYPTO APVIRT in the directory.

Marcy

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
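
The reset described in the reply at the top of this thread, written as a shell function that copies the three files aside before deleting them. This is an added example, not part of the original messages and not openCryptoki's own tooling; OCK_ROOT, BACKUP_ROOT, token_dir, reset_token_pins and the short type names ica/cca/sw are names chosen for this sketch.

```shell
#!/bin/sh
# Added example: remove the PIN state files named in the reply, keeping a copy.
# Assumed names (not from the thread): OCK_ROOT, BACKUP_ROOT, the functions,
# and the ica/cca/sw arguments used to select a token.
OCK_ROOT="${OCK_ROOT:-/var/lib/opencryptoki}"
BACKUP_ROOT="${BACKUP_ROOT:-/root/ock-pin-backup}"

# Map a token type to its directory name, exactly as listed in the reply.
token_dir() {
    case "$1" in
        ica) echo "lite" ;;
        cca) echo "ccatok" ;;
        sw)  echo "swtok" ;;
        *)   return 1 ;;
    esac
}

# Usage: reset_token_pins ica|cca|sw
# Returns 2 for an unknown type, 3 if the token directory does not exist.
reset_token_pins() {
    dir=$(token_dir "$1") || { echo "unknown token type: $1" >&2; return 2; }
    src="$OCK_ROOT/$dir"
    [ -d "$src" ] || { echo "no such token directory: $src" >&2; return 3; }

    # Timestamped backup directory, readable by the owner only.
    dest="$BACKUP_ROOT/$dir.$(date +%Y%m%d%H%M%S)"
    ( umask 077; mkdir -p "$dest" ) || return 4

    for f in NVTOK.DAT MK_USER MK_SO; do
        [ -e "$src/$f" ] || continue
        # Copy first; delete only if the copy succeeded.
        cp -p "$src/$f" "$dest/$f" || return 5
        rm -f "$src/$f" || return 6
        echo "removed $src/$f (copy kept in $dest)"
    done
    # Everything else in the token directory is left untouched.
}
```

Call it as root with the token type, for example `reset_token_pins cca`.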