-
Notifications
You must be signed in to change notification settings - Fork 713
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Smartcard stopped working, CKR_GENERAL_ERROR thrown #1005
Comments
Tested with a different card reader (Advanced Card Systems, Ltd ACR38 SmartCard Reader) and it works like a charm. |
Please add some debug output. Please note, that we are not distributing any other packages than the ones listed here. So your OpenSC build may not be up to date. |
https://gist.github.com/mrlnc/5a5a6261103047fa2e4542035e6ecb7f I deleted quite a lot. Please tell me if I deleted too much or too few :-) |
try setting |
The 4321 does not support extended So to send a large block, command
chaining is being used. Line 3965:
apdu.c:376:sc_single_transmit: CLA:10, INS:2A, P1:80, P2:86, data(255)
0x132cbd0
But you blanked out the command and data starting at line 3969 and you
blanked out response in line 3989 so it is hard to tell what happened. But
line 3992 says:
card-cardos.c:304:cardos_check_sw: chaining error
So it sounds like the card did not like the chaining. (I have
never seen a chaining error) So it is possible some code change was
introduced. The other reader may support extended APDU so chaining
may not be not needed.
To see reader features, see https://pcsclite.alioth.debian.org/ccid.html
…On Tue, Mar 28, 2017 at 5:45 AM, Frank Morgner ***@***.***> wrote:
try setting max_recv_size/max_send_size
<https://github.com/OpenSC/OpenSC/blob/master/etc/opensc.conf.in#L78-L79>
to a higher value.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1005 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AA00MXAeQqA9OOqcoS0fvmkz8qhXiI_0ks5rqOTlgaJpZM4MoMuG>
.
|
how did your working setup look like? |
do you have a debug log for the working setup? |
I now bought a different reader Gemalto GemPC Express. That works fine. I could not verify whether the old cardreader is broken. |
thanks for the feedback |
Fixes OpenSC#1208 Fixes OpenSC#1118 Fixes OpenSC#1005 Fixes OpenSC#802
Whenever I reinstall my system, I end up googling this. Turns out this issue is first search result. Therefore I'd like to include a note to myself and all the others with similar configuration:
In
Works like a charm, then. Thanks @frankmorgner |
Also you may try installing an older driver for your reader. With my HID Omnikey 3021 I had the same error. I installed a driver of 2012 and it started working. |
Expected behaviour
I use OpenSC as Firefox Security Device to authenticate myself on a website. I'm asked for a PIN, then for a certificate to choose, and then successfully log-in.
This did work for me before, so it might be either a regression or something is wrong on my system. I'd like to ask for help to resolve this, since I don't know where to look for mistakes. For any debug information I could provide, please tell me if it compromise the smartcard's security.
Actual behaviour
I'm asked for the Smartcard PIN, certificate information is displayed correctly. When I proceed to use the selected certificate, Firefox throws this error:
Output with pkcs11-tool is:
Hard- and Software versions
Reader: OmniKey AG CardMan 4321
Smartcard Software:
opensc 0.16.0-2
pcsc-perl 1.4.14-2
pcsc-tools 1.4.27-1
pcsclite 1.8.20-1
Firefox 52.0.1-1
In Firefox, Security Device is /usr/lib/opensc-pkcs11.so
So far, I tried to downgrade opensc and pcsclite without success. Please not that I do not know when it stopped working, since I rarely use the smartcard.
The text was updated successfully, but these errors were encountered: