Re: [opensc-devel] [opensc-commits] [OpenSC] #190: Problems with Siemens CardOS 4.3b (authentication, tokeninfo)

Thu, 22 Oct 2009 05:46:12 -0700 

Am Donnerstag 22 Oktober 2009 11:14:37 schrieb Marc Wäckerlin:
> Am Donnerstag, 22. Oktober 2009 schrieben Sie:
> > oh, and can you run pkcs15-tool --dump?
>
> In the attachment.

thanks. so your card has 5 PINs, 3 RSA private keys, 3 RSA public
keys and 5 certificates.

that is the new max I think, at least I don't remember anyone
putting so many things on one card.

so you have a SOPIN, then trying to use the onepin version
of opensc is wrong, won't work.

if you want to modify the card (e.g. store certficates),
you need to login with the SOPIN, not the user PIN.

> What's the problem (same with libsiecap11.so):
>
> PKCS11SPY=~/downloads/cv_act_scinterface_4.0.1_win_linux_mac/libcvP11.so\
>   src/tokentool pkcs11-spy.so
>
> **** Error: cryptoki: smardcard access error:
> C_GetFunctionList failed in bool
> cryptoki::Init::functionList(const std::string&):
> CKR_GENERAL_ERROR
>
> (that's my exception returning the return value)

so you get a log file, but it the app breaks with
the first pkcs#11 call? maybe some "protection" in libcvP11.so?
pkcs11-spy works with many libraries, first time I hear some
library is incompatible.

> CryptoVision fails (such as libsiecap11.so fails) see above.

that is the same as libcvP11.so? I'm confused here.

>   Here I can login and see all the private keys.

good. using onepin is wrong, when in fact you have
a sopin on your card.

> It's the same :-(

but the log file shows what is wrong:
621: C_Login
[in] hSession = 0x1
[in] userType = CKU_USER
[in] pPin[ulPinLen] [size : 0x6 (6)]
    31323334 3536
Returned:  0 CKR_OK


622: C_CreateObject
[in] hSession = 0x1
[in] pTemplate[11]: 
    CKA_CLASS             CKO_CERTIFICATE      
    CKA_TOKEN             True
    CKA_PRIVATE           False
    CKA_MODIFIABLE        True
    CKA_LABEL             [size : 0x27 (39)]
    70736575 646F3A20 4D617263 20576165 636B6572 6C696E20 56504E20 43657274
     p s e u  d o : .  M a r c  . W a e  c k e r  l i n .  V P N .  C e r t
    69666963 617465
...
Returned:  257 CKR_USER_NOT_LOGGED_IN

maybe not the correct return code (no expert here). but if you have a SOPIN,
then most likely the SOPIN is required to store a certificate on the card.
try to login with the super user (guess a different userType and the sopin),
and see if that helps.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to