kamal kumar wrote: > Hi, > Today i tried certificate logon in XP with PIV card. > As i told you before, first certificate logon after > reboot succeeded. But the second logon failed. > > I have attached the opensc log files with this. This > log file contain entries for first successful logon > and second failed logon.
Does the second attempt say something about the container does not contain the key? (Or something like this..) If you pull the card out and insert again, does the login work? We have seen this too. Pulling the card out and inserting again get it to work. The SCB-0.8 is built on OpenSC-0.11.2 0.11.3 will contain a number of fixes for PIV, including some with locks, the ability to use 2K and 3K RSA keys, gzip'ed certs and use the FASC-N for a card serial number. I don't have the same build environment as Andreas on Windows so can't produce a full SCB, only parts. I will see what I can do to do some more testing of 0.11.3-pre on XP. > > Please give your opinion. > > Regards, > Kamal. > --- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote: > >> >> kamal kumar wrote: >>> Hi all, >>> I tried certificate logon with "Identity Alliance >> CSP" >>> and opensc-pkcs11 module in XP machine. The >>> certificate logon works fine for the first time. >> But >>> if we logoff and again tries to do certificate >> logon, >>> the logon fails second time. >>> >>> I want to confirm whether it is a issue. >> Works OK for me. >> >>> I analysed the opensc log files. I think following >> is >>> the reason for the error. In XP, opensc-pkcs11 >> module >>> maintains the pc/sc smartcard connection during >> the >>> first certificate logon. And it uses the same >> pc/sc >>> connection for the second certificate logon also. >> But >>> since we removed and inserted the card in the >> middle >>> for getting PIN prompt in winlogon, we are getting >> the >>> error. >> Sounds like the card failed to do an unlock() at >> some time >> and so the pcsc connection might still be active. >> What type/version of IdAlly, OpenSC, card and reader >> are >> you using? >> >> I am using IdAlly-1.0, SCB-0.8 ( >> PIV card and pcmcia GemPC card. >> >> Note scb-0.8 is based on OpenSC-0.11.2 but the >> version numbers in the opensc-pkcs11.dll says >> 0.11.1. >> >> >>> Can any one please tell me whether it is a issue >> and >>> Is there any way to solve this. >>> >>> Regards, >>> Kamal. >>> >>> >>> >>> >>> > ____________________________________________________________________________________ >>> Sick sense of humor? Visit Yahoo! TV's >>> Comedy with an Edge to see what's on, when. >>> http://tv.yahoo.com/collections/222 >>> _______________________________________________ >>> opensc-devel mailing list >>> [email protected] >>> > http://www.opensc-project.org/mailman/listinfo/opensc-devel >>> >> -- >> >> Douglas E. Engert <[EMAIL PROTECTED]> >> Argonne National Laboratory >> 9700 South Cass Avenue >> Argonne, Illinois 60439 >> (630) 252-5444 >> > > > > > ____________________________________________________________________________________ > Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. > http://new.toolbar.yahoo.com/toolbar/features/mail/index.php -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
