Thread: Segmentation fault in attempt to initialize eToken Pro 32K
|
|
| Segmentation fault in attempt to initialize eToken Pro 32K | United States | 2008-05-05 15:14:19 |
Hi!

I got two blank Aladdin eToken Pro 32K and I would like to use open source software to set up a key pair. (Hey, that seems like close to what any security-conscious computer-literate person should do!)

In SUSE Linux 10.3, I did first

pkcs11-tool --init-token --label DEMO-PK-TOKEN-200805

I entered a Security Officer PIN (alphanumeric, 7 characters).

The command ended with "segmentation fault" but something was changed on the token memory (see listing below).

I then tried

pkcs11-tool --init-pin

I re-entered the above Security Officer PIN.

The command reported the following error:

function C_Login failed: w=CKR_USER_PIN_NOT_INITIALIZED (0x102)

So, what can I do?

The background of this experiment is a deployment model in which the user relies on any support organization, PKI or not, even herself with simple utilities, to provision a token with a key pair (the security certificate is a don't care - just a required nuisance for interoperability in SSL session establishment). The use of opensc would serve as a base for self-provisioning.

Thanks in advance.

--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: thierry.moreau connotech.com
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII openct-tool list
0 Aladdin eToken PRO
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII opensc-tool --atr
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
3b:f2:98:00:ff:c1:10:31:fe:55:c8:03:15
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII opensc-tool --serial
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
23 11 B8 05 3B 11 #...;.
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII opensc-tool --list-files
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
3f00 type: DF, size: 22291
select[N/A] lock[NONE] delete[NONE] create[NONE] rehab[NONE]
inval[NONE]
list[N/A] sec: 00:00:00:00:00:00:00:00:00
prop: 01:04:00
3f006666 [AKS] type: DF, size: 22291
select[N/A] lock[NEVR] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:FF:01:FF:FF:FF:FF:01
prop: 01:00:FF
3f0066661000 type: DF, size: 22291
select[N/A] lock[CHV1] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:01:01:FF:FF:FF:FF:01
prop: 01:00:40
3f00666610000001 type: wEF, ef structure: transpnt,
size: 11
read[NONE] update[NEVR] write[NEVR] erase[NEVR]
rehab[NEVR]
inval[NEVR] sec: 00
prop: 01
00000000: 01 14 F3 52 43 14 85 00 00 00 00 ...RC......
3f00666610000002 type: wEF, ef structure: transpnt,
size: 32
read[NONE] update[CHV1] write[NEVR] erase[CHV1]
rehab[NEVR]
inval[NEVR] sec: 00:01:01:FF:FF:FF:FF:01:01
prop: 01
00000000: 65 54 6F 6B 65 6E 20 20 20 20 20 20 20 20 20 20
eToken
00000010: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00
.
3f0066661001 type: DF, size: 22291
select[N/A] lock[CHV1] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:01:01:FF:FF:FF:FF:01
prop: 01:0A:28
3f00666610011001 type: wEF, ef structure: transpnt,
size: 128
read[NONE] update[CHV1] write[NEVR] erase[CHV1]
rehab[NEVR]
inval[NEVR] sec: 00:01:01:FF:FF:FF:FF:01:01
prop: 01
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
3f00666610011002 type: wEF, ef structure: transpnt,
size: 128
read[NONE] update[CHV1] write[NEVR] erase[CHV1]
rehab[NEVR]
inval[NEVR] sec: 00:01:01:FF:FF:FF:FF:01:01
prop: 01
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
3f0066661002 type: DF, size: 22291
select[N/A] lock[CHV1] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:01:01:FF:FF:FF:FF:01
prop: 01:00:00
3f00666610021002 type: wEF, ef structure: transpnt,
size: 128
read[NONE] update[CHV1] write[NEVR] erase[CHV1]
rehab[NEVR]
inval[NEVR] sec: 00:01:01:FF:FF:FF:FF:01:01
prop: 01
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
3f0066661003 type: DF, size: 22291
select[N/A] lock[CHV1] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:01:01:FF:FF:FF:FF:01
prop: 01:02:00
3f00666610031003 type: wEF, ef structure: transpnt,
size: 64
read[NONE] update[CHV1] write[NEVR] erase[CHV1]
rehab[NEVR]
inval[NEVR] sec: 00:01:01:FF:FF:FF:FF:01:01
prop: 01
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
3f0066665000 type: DF, size: 22291
select[N/A] lock[CHV1] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:01:01:FF:FF:FF:FF:01
prop: 01:00:00
Empty directory
3f0066666000 type: DF, size: 22291
select[N/A] lock[CHV1] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:01:01:FF:FF:FF:FF:01
prop: 01:00:00
Empty directory
3f0066667000 type: DF, size: 22291
select[N/A] lock[CHV1] delete[NEVR] create[CHV1]
rehab[NEVR]
inval[NEVR] list[N/A] sec: FF:01:01:FF:FF:FF:FF:01
prop: 01:00:00
Empty directory
3f005015 type: DF, size: 22291
select[N/A] lock[NEVR] delete[NONE] create[NONE]
rehab[NONE]
inval[NONE] list[N/A] sec: 00:FF:00:00:00:00:00:00:00
prop: 01:10:00
3f0050154401 type: wEF, ef structure: transpnt, size:
256
read[NONE] update[CHV1] write[CHV1] erase[CHV1]
rehab[CHV1]
inval[CHV1] sec: 00:01:01:01:01:01:00:00:00
prop: 01
00000000: 30 43 30 1A 0C 14 53 65 63 75 72 69 74 79 20 4F
0C0...Security O
00000010: 66 66 69 63 65 72 20 50 49 4E 03 02 06 C0 30 03
fficer PIN....0.
00000020: 04 01 FF A1 20 30 1E 03 02 00 4D 0A 01 01 02 01
.... 0....M.....
00000030: 06 02 01 08 02 01 08 80 01 01 04 01 00 30 06 04
.............0..
00000040: 04 3F 00 50 15 00 00 00 00 00 00 00 00 00 00 00
.?.P............
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
3f0050155031 type: wEF, ef structure: transpnt, size:
256
read[NONE] update[NONE] write[NONE] erase[NONE]
rehab[NONE]
inval[NONE] sec: 00:00:00:00:00:00:00:00:00
prop: 01
00000000: A8 0A 30 08 04 06 3F 00 50 15 44 01 00 00 00 00
..0...?.P.D.....
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
3f0050155032 type: wEF, ef structure: transpnt, size:
84
read[NONE] update[NONE] write[NONE] erase[NONE]
rehab[NONE]
inval[NONE] sec: 00:00:00:00:00:00:00:00:00
prop: 01
00000000: 30 52 02 01 00 04 06 23 11 B8 05 3B 11 0C 0E 4F
0R.....#...;...O
00000010: 70 65 6E 53 43 20 50 72 6F 6A 65 63 74 80 20 44
penSC Project. D
00000020: 45 4D 4F 2D 50 4B 2D 54 4F 4B 45 4E 2D 32 30 30
EMO-PK-TOKEN-200
00000030: 38 30 35 20 20 20 20 20 20 20 20 20 20 20 20 03
805 .
00000040: 02 04 10 85 0F 32 30 30 38 30 35 30 35 31 39 32
.....20080505192
00000050: 32 33 30 5A
230Z
3f0050154946 type: wEF, ef structure: transpnt, size:
128
read[NONE] update[CHV1] write[CHV1] erase[CHV1]
rehab[CHV1]
inval[CHV1] sec: 00:01:01:01:01:01:00:00:00
prop: 01
00000000: 01 06 70 6B 63 73 31 35 00 00 00 00 00 00 00 00
..pkcs15........
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
3f002f00 type: wEF, ef structure: transpnt, size: 128
read[NONE] update[NONE] write[NONE] erase[NONE]
rehab[NONE]
inval[NONE] sec: 00:00:00:00:00:00:00:00:00
prop: 01
00000000: 61 36 4F 0C A0 00 00 00 63 50 4B 43 53 2D 31 35
a6O.....cPKCS-15
00000010: 50 20 44 45 4D 4F 2D 50 4B 2D 54 4F 4B 45 4E 2D P
DEMO-PK-TOKEN-
00000020: 32 30 30 38 30 35 20 20 20 20 20 20 20 20 20 20
200805
00000030: 20 20 51 04 3F 00 50 15 00 00 00 00 00 00 00 00
Q.?.P.........
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII opensc-tool --list-readers
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
Readers known about:
Nr. Driver Name
0 openct Aladdin eToken PRO
1 openct OpenCT reader (detached)
2 openct OpenCT reader (detached)
3 openct OpenCT reader (detached)
4 openct OpenCT reader (detached)
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII opensc-tool --list-drivers
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
Configured card drivers:
cardos Siemens CardOS
cardos Siemens CardOS
flex Schlumberger Multiflex/Cryptoflex
cyberflex Schlumberger Cyberflex
gpk Gemplus GPK
miocos MioCOS 1.1
mcrd MICARDO 2.1
asepcos Athena ASEPCOS
setcos Setec cards
starcos STARCOS SPK 2.3/2.4
tcos TCOS 2.0
openpgp OpenPGP card
jcop JCOP cards with BlueZ PKCS#15 applet
oberthur Oberthur AuthentIC.v2/CosmopolIC.v4
belpic Belpic cards
atrust-acos A-Trust ACOS cards
muscle Muscle Card Driver
emv EMV compatible cards
incrypto34 Incard Incripto34
piv PIV-II for multiple cards
acos5 ACS ACOS5 card
default Default driver for unknown cards
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII opensc-tool --list-rdrivers
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
Configured reader drivers:
pcsc PC/SC reader
ctapi CT-API module
openct OpenCT reader
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII pkcs11-tool --show-info
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
Cryptoki version 2.11
Manufacturer OpenSC (www.opensc-project.org)
Library smart card PKCS#11 API (ver 1.0)
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII pkcs11-tool --list-slots
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
Available slots:
Slot 0 (empty)
Slot 1 (empty)
Slot 2 (empty)
Slot 3 (empty)
Slot 4 (empty)
Slot 5 (empty)
Slot 6 (empty)
Slot 7 (empty)
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII pkcs11-tool --list-mechanisms
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
Supported mechanisms:
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
RSA-X-509, sign, verify, unwrap, decrypt
RSA-PKCS, sign, verify, unwrap, decrypt
SHA1-RSA-PKCS, sign, verify
MD5-RSA-PKCS, sign, verify
RIPEMD160-RSA-PKCS, sign, verify
RSA-PKCS-KEY-PAIR-GEN, keypairgen
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII pkcs11-tool --list-objects
winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
_______________________________________________
opensc-user mailing list
opensc-user lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-user
|
|
| Re: Segmentation fault in attempt to initialize eToken Pro 32K | Belgium | 2008-05-06 09:22:46 |
Thierry Moreau wrote:
> Hi!
>
> I got two blank Aladdin eToken Pro 32K and I would like to use open
> source software to set up a key pair. (Hey, that seems like close to
> what any security-conscious computer-literate person should do!)
>
> In SUSE Linux 10.3, I did first
>
> pkcs11-tool --init-token --label DEMO-PK-TOKEN-200805
>
> I entered a Security Officer PIN (alphanumeric, 7 characters).
>
> The command ended with "segmentation fault" but something was changed on
> the token memory (see listing below).
>

Hi Thierry,

According to your attached file, your token already contains an Aladdin structure (under 3f00/6666). So the token is not really erased, but just "blanked"... Can you erase the card with Aladdin software first and then try again (maybe with pkcs15-tool instead of pkcs11-tool)?

Cheers,

Jean-Pierre
|
|
| Re: Segmentation fault in attempt to initialize eToken Pro 32K | United States | 2008-05-06 13:29:24 |
More information:

I have an hypothesis about what is occurring. I entered an alphabetic SO PIN, while "pkcs15-tool --list-pins" reports a 6-to-8-digits ("acsii-numeric") PIN type.

Do I have any excuse? Well, sort of: 1) as open source software matures, users like me might expect some input data validation, and 2) although I am quite knowledgeable of the principles and potential of the technology, this is my first hands-on experience with RSA capable tokens.

Anyway, the part seems in a state where some SO PIN is set (some transformation of "3jOjpH+"), and the normal PIN is neither set nor settable.

Observations:

"pkcs15-tool --unblock-pin" completes without complaint, but seems to have no effect.

Neither "pksc11-tool --init-pin" nor "pcsk11-tool

Until now, I do not have access to the Aladdin software, but I am working on this.

I have two eTokens. I am now hesitant to try similar configuration steps until I am confident that I can recover from the previous error.

Can I do the same with a readily available RSA-capable smartcard? I just got a laptop with Linux and a Gemplus, GemPC Card, "Compact Smart Card Reader Writer", P/N HWP113650A

Thanks.

- Thierry

JP Szikora wrote:
> Thierry Moreau wrote:
>
>> Hi!
>>
>> I got two blank Aladdin eToken Pro 32K and I would like to use open
>> source software to set up a key pair. (Hey, that seems like close to
>> what any security-conscious computer-literate person should do!)
>>
>> In SUSE Linux 10.3, I did first
>>
>> pkcs11-tool --init-token --label DEMO-PK-TOKEN-200805
>>
>> I entered a Security Officer PIN (alphanumeric, 7 characters).
>>
>> The command ended with "segmentation fault" but something was changed
>> on the token memory (see listing below).
>>
>
> Hi Thierry,
>
> According to your attached file, your token already contains an
> Aladdin structure (under 3f00/6666). So the token is not really erased, but
> just "blanked"... Can you erase the card with Aladdin software first
> and then try again (maybe with pkcs15-tool instead of pkcs11-tool)?
>
> Cheers,
>
> Jean-Pierre
>

--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: thierry.moreau connotech.com
|
|
| Re: Segmentation fault in attempt to initialize eToken Pro 32K | United States | 2008-05-06 13:58:32 |
Thierry Moreau wrote:
> More information:
>
> I have an hypothesis about what is occurring. I entered an alphabetic SO
> PIN, while "pkcs15-tool --list-pins" reports a 6-to-8-digits
> ("acsii-numeric") PIN type.
>
> Do I have any excuse? Well, sort of: 1) as open source software matures,
> users like me might expect some input data validation, and 2) although I
> am quite knowledgeable of the principles and potential of the
> technology, this is my first hands-on experience with RSA capable tokens.
>
> Anyway, the part seems in a state where some SO PIN is set (some
> transformation of "3jOjpH+"), and the normal PIN is neither set nor
> settable.
>
> Observations:
>
> "pkcs15-tool --unblock-pin" completes without complaint, but seems to
> have no effect.
>
> Neither "pksc11-tool --init-pin" nor "pcsk11-tool
>
> Until now, I do not have access to the Aladdin software, but I am working
> on this.

The following site (http://daniel.benoy.name/?p=76) has a link near the bottom for the Aladdin software. I was able to download it and install it on a Windows machine to reset my eToken.

--
Bismark
"The problem with America is stupidity. I'm not saying there should be a capital punishment for stupidity, but why don't we just take the safety labels off of everything and let the problem solve itself?" bash.org/?4753
|
|
| Re: Segmentation fault in attempt to initialize eToken Pro 32K | United States | 2008-05-07 09:02:54 |
Dear all:

An update on my troubleshooting effort, after looking at the source code and with many thanks to Bismark's relevant web page at http://daniel.benoy.name/?p=76.

1) Contrary to the last post by me, the alphanumeric data entry would not be the cause of the problem. The PIN string "3jOjpH+" would turn into the hex sequence 3A.FA.08.B0 according to the 4 lsb of ASCII representation, and the field padding rule. That's still troublesome, because another API may use a different mapping.

2) The cause of the problem would be that the eToken Pro 32K logic requires a SO PIN setup (do_init_token) and a normal PIN setup (do_init_pin) in a *** SINGLE RUN *** of the pkcs11-tool utility.

3) There seems to be an eToken mechanism to make a complete and unconditional reset of the token state, e.g. somewhere in "the Windows drivers", but absent from the opensc utilities options. Is this something missing in the opensc software?

Irrespective of the above difficulties, the opensc software is much appreciated as a way to connect to the RSA-capable tokens technology (e.g. since the pkcs11 spec is a ~400 pages document and there are so many diverse implementations, we can't blame the opensc documentation for not addressing our specific need of the day).

My next step is to improve my understanding of the software and technology structure.

Thanks

Thierry Moreau wrote:
> Hi!
>
> I got two blank Aladdin eToken Pro 32K and I would like to use open
> source software to set up a key pair. (Hey, that seems like close to
> what any security-conscious computer-literate person should do!)
>
> In SUSE Linux 10.3, I did first
>
> pkcs11-tool --init-token --label DEMO-PK-TOKEN-200805
>
> I entered a Security Officer PIN (alphanumeric, 7 characters).
>
> The command ended with "segmentation fault" but something was changed on
> the token memory (see listing below).
>
> I then tried
>
> pkcs11-tool --init-pin
>
> I re-entered the above Security Officer PIN.
>
> The command reported the following error:
>
> function C_Login failed: w=CKR_USER_PIN_NOT_INITIALIZED (0x102)
>
> So, what can I do?
>
> The background of this experiment is a deployment model in which the
> user relies on any support organization, PKI or not, even herself with
> simple utilities, to provision a token with a key pair (the security
> certificate is a don't care - just a required nuisance for
> interoperability in SSL session establishment). The use of opensc would
> serve as a base for self-provisioning.
>
> Thanks in advance.
>
|
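Added example (not part of the thread and not OpenSC code): the mapping described in point 1 of the 2008-05-07 09:02:54 message, packing the 4 least significant bits of each PIN character two per byte, together with a digits-only check for the 6-to-8-digit PIN type mentioned earlier in the thread. The 4-byte field width and the zero pad nibble are assumptions chosen to reproduce the quoted 3A.FA.08.B0, and the function names are hypothetical; the point shown is that distinct strings collapse to one stored value.

```c
#include <stdio.h>
#include <string.h>

/* Assumptions (not taken from OpenSC source): an 8-nibble (4-byte) PIN field
 * and a zero pad nibble, chosen because they reproduce the 3A.FA.08.B0 value
 * quoted in the message. */
#define PIN_FIELD_NIBBLES 8
#define PAD_NIBBLE 0x0u

/* Pack the 4 least significant bits of each character, two per byte, then pad.
 * Returns the field as a 32-bit value, or -1 if the PIN is NULL or too long. */
long long pin_field_value(const char *pin)
{
    size_t len, i;
    long long field = 0;

    if (pin == NULL)
        return -1;
    len = strlen(pin);
    if (len > PIN_FIELD_NIBBLES)
        return -1;
    for (i = 0; i < PIN_FIELD_NIBBLES; i++) {
        unsigned nibble = (i < len) ? ((unsigned char)pin[i] & 0x0Fu) : PAD_NIBBLE;
        field = (field << 4) | nibble;
    }
    return field;
}

/* Input validation for a digits-only PIN type: length within [min_len, max_len]
 * and every character an ASCII digit. Returns 1 if acceptable, 0 otherwise. */
int is_ascii_numeric_pin(const char *pin, size_t min_len, size_t max_len)
{
    size_t len, i;

    if (pin == NULL)
        return 0;
    len = strlen(pin);
    if (len < min_len || len > max_len)
        return 0;
    for (i = 0; i < len; i++) {
        if (pin[i] < '0' || pin[i] > '9')
            return 0;
    }
    return 1;
}

/* Returns 1 if both PINs are encodable and map to the same field value. */
int pins_collide(const char *a, const char *b)
{
    long long fa = pin_field_value(a);
    long long fb = pin_field_value(b);

    return fa >= 0 && fa == fb;
}

int main(void)
{
    /* Constructed sample PINs; only "3jOjpH+" comes from the thread. */
    const char *samples[] = { "3jOjpH+", "3JoJPh+", "3jOjpH+0", "123456" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long long v = pin_field_value(samples[i]);

        printf("%-9s -> %02X.%02X.%02X.%02X  digits-only(6..8): %s\n",
               samples[i],
               (unsigned)((v >> 24) & 0xFF), (unsigned)((v >> 16) & 0xFF),
               (unsigned)((v >> 8) & 0xFF), (unsigned)(v & 0xFF),
               is_ascii_numeric_pin(samples[i], 6, 8) ? "yes" : "no");
    }
    return 0;
}
```

Under this mapping letter case is lost and a trailing '0' is indistinguishable from padding, so rejecting non-digit input before the token is initialized is the check that keeps the stored value reproducible from another tool.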
|
| Re: Segmentation fault in attempt to initialize eToken Pro 32K | Belgium | 2008-05-07 10:23:34 |
Thierry Moreau wrote:
>
> 3) There seems to be an eToken mechanism to make a complete and
> unconditional reset of the token state, e.g. somewhere in "the Windows
> drivers", but absent from the opensc utilities options. Is this
> something missing in the opensc software?
>

Hi,

There is an EraseCard command in CardOS. But the command must be encrypted by the StartKey that may be changed and specific to Aladdin. And that EraseCard can also be protected by a PIN... Can you do a cardos-info on the token? It will show you the version, the "state" of your token, and the StartKey version. The 0xFF version is the default one, but any other one is unknown...

Cheers,

Jean-Pierre
|
|
| Re: Segmentation fault in attempt to initialize eToken Pro 32K | United States | 2008-05-07 11:02:08 |
JP Szikora wrote:
> Thierry Moreau wrote:
>
>>
>> 3) There seems to be an eToken mechanism to make a complete and
>> unconditional reset of the token state, e.g. somewhere in "the Windows
>> drivers", but absent from the opensc utilities options. Is this
>> something missing in the opensc software?
>>
>
> Hi,
>
> There is an EraseCard command in CardOS. But the command must be
> encrypted by the StartKey that may be changed and specific to Aladdin.
> And that EraseCard can also be protected by a PIN... Can you do a
> cardos-info on the token? It will show you the version, the "state" of
> your token, and the StartKey version. The 0xFF version is the default
> one, but any other one is unknown...
>

Thanks a lot for this pointer. Thank you very much!

Luckily, the Startkey version is the default, see below.

--
- Thierry Moreau
============================================================
Info : CardOS/M4.01 (C) Siemens AG 1994-2001
Chip type: 96
Serial number: 23 11 b8 05 3b 11
Full prom dump:
33 66 00 45 FF FF FF FF 60 FF 23 11 B8 05 3B 11 3f.E....`.#...;.
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
OS Version: 200.3 (that's CardOS M4.01)
Current life cycle: 32 (administration)
Security Status of current DF:
Free memory : 7
ATR Status: 0x0 ROM-ATR
Packages installed:
Ram size: 2, Eeprom size: 32, cpu type: 66, chip config: 63
Free eeprom memory: 22291
System keys: PackageLoadKey (version 0x00, retries 10)
System keys: StartKey (version 0xff, retries 10)
Path to current DF:
66 66 10 00 ff..
============================================================
|
|
| Re: Segmentation fault in attempt to initialize eToken Pro 32K | 2008-05-08 03:55:20 |
Greets,

A lot of problems related to the seg fault error is not providing the Aladdin module to the pkcs11-tool. As Aladdin use their own customized EF there are two ways to manage your eToken with pkcs11-tool.

1. Install the Linux drivers, latest version is 4.55, then use the pkcs11-tool with --module=/usr/local/lib/libetpkcs11.so (it depends where you have installed the Aladdin modules). Afterwards, with the Aladdin module it works pretty good, it understands the pin, the keypair on board generation works fine and you can import objects to it. Again if using the openssl for certificate generation you can provide the module to the opensc openssl add-on (I can not remember the name right now) and again it works. I have tested this.

2. You can use the Windows drivers to remove the Aladdin file system on the eToken. This can be accomplished by removing the "initialize PKCS#11 User pin" option in the initialization section of the PKI Client in Windows. Afterwards, the token will be erased and no Aladdin EF will be on it. You can use pkcs15-tool then to init the token with default pkcs#15 structure and use it as prescribed in the Docs.

Hope I was helpful. You can contact me with additional questions.

Regards,
Lyuben R. Bahtarliev eFellows Ltd.

-----Original Message-----
From: opensc-user-bounces lists.opensc-project.org [mailto:opensc-user-bounces lists.opensc-project.org] On Behalf Of Thierry Moreau
Sent: Wednesday, May 07, 2008 7:02 PM
To: JP Szikora
Cc: opensc-user lists.opensc-project.org
Subject: Re: [opensc-user] Segmentation fault in attempt to initialize eToken Pro 32K

JP Szikora wrote:
> Thierry Moreau wrote:
>
>>
>> 3) There seems to be an eToken mechanism to make a complete and
>> unconditional reset of the token state, e.g. somewhere in "the Windows
>> drivers", but absent from the opensc utilities options. Is this
>> something missing in the opensc software?
>>
>
> Hi,
>
> There is an EraseCard command in CardOS. But the command must be
> encrypted by the StartKey that may be changed and specific to Aladdin.
> And that EraseCard can also be protected by a PIN... Can you do a
> cardos-info on the token? It will show you the version, the "state" of
> your token, and the StartKey version. The 0xFF version is the default
> one, but any other one is unknown...
>

Thanks a lot for this pointer. Thank you very much!

Luckily, the Startkey version is the default, see below.

--
- Thierry Moreau
============================================================
Info : CardOS/M4.01 (C) Siemens AG 1994-2001
Chip type: 96
Serial number: 23 11 b8 05 3b 11
Full prom dump:
33 66 00 45 FF FF FF FF 60 FF 23 11 B8 05 3B 11 3f.E....`.#...;.
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
OS Version: 200.3 (that's CardOS M4.01)
Current life cycle: 32 (administration)
Security Status of current DF:
Free memory : 7
ATR Status: 0x0 ROM-ATR
Packages installed:
Ram size: 2, Eeprom size: 32, cpu type: 66, chip config: 63
Free eeprom memory: 22291
System keys: PackageLoadKey (version 0x00, retries 10)
System keys: StartKey (version 0xff, retries 10)
Path to current DF:
66 66 10 00 ff..
============================================================