logo       
<prev   next>

Re: Eutron regressions in 0.11.0 ?: msg#00045

encryption.opensc.user

Subject: Re: Eutron regressions in 0.11.0 ?

Wolfgang Glas wrote:
...
# pkcs15-init -E -C

This command asked me for the unspecified PIN 115 (0x73) and I tried to enter the factory default SO PIN several times, which was a fatal error, because after contacting Eutron support I received their tool to reset the token (see: doc/euton.html in the openct ditribution), but this tool is unable to reset the token anyways, because I obviously blocked this factory-default transport PIN, which is undocumented and a secret of Siemens Italia.

just out of curiosity: what does cardos-info give you ?


6) However, when I try to generate a private key using opensc-0.11.0 and the PIN I generated with opensc-0.9.6, I get the follwing errors:

# pkcs15-init -G rsa/1024 -a 1 -i 46 -u sign
card-cardos.c:225:cardos_check_sw: invalid parameters in data field
card.c:376:sc_create_file: returning with: Incorrect parameters in APDU
Failed to generate key: Incorrect parameters in APDU

would be interesting to see the APDU log (note: APDU logging needs to be
enabled in the config due to security reasons) to find out what the exact
problem is

Well, this is the traditional game over situation, so I gave up with the ITSEC-I at this point. [cannot delete the content of the token, cannot generate another private key :-( ]

yep, it's rather simple to make a smartcard useless

7) I switched over to the ITSEC-P token, which should be supported by openct-0.6.7/opensc-0.11.0 and I successfully generated a pkcs15- structure.

8) I successfully generated a PIN on the ITSEC-P using openct-0.6.7/opensc-0.11.0:

# pkcs15-init -P -a 1

9) However, I cannot generate any certificate using this token, here are the corresponding errors:

# pkcs15-init -G rsa/1024 -a 1 -i 45 -u sign
Security officer PIN required.
Please enter Security officer PIN:
iso7816.c:99:iso7816_check_sw: No precise diagnosis
card.c:686:sc_card_ctl: returning with: Card command failed
Failed to generate key: Card command failed

again: a APDU log would be interesting

Cheers,
Nils
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: xdm with pam_pkcs11: 00045, Andreas Jellinghaus
Next by Date:  all wiki pages are now read-only: 00045, Andreas Jellinghaus
Previous by Thread:  Eutron regressions in 0.11.0 ?i: 00045, Wolfgang Glas
Next by Thread:  Re: Eutron regressions in 0.11.0 ?: 00045, Wolfgang Glas
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | FAQ | advertise