PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed #1208
Comments
could you upload a log with
maybe you need to adjust
I have no opensc.conf in my distribution (Fedora 26 or 27).
Yes, you need to set
Frank, thank you for the fast feedback. The configuration in Fedora is in The original bug also said it worked with 0.16.0 and before the suggested commit. So you mean that with this worked with the old The extended APDU in Omnikey 3121 were implemented in PCSC in Fedora 26 https://bugzilla.redhat.com/show_bug.cgi?id=1420024 But Omnikey 3021 is probably older. In PCSC it does not support extended APDU: https://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x076B0x3021 So fastest solution would be to buy a new card reader. Not sure if there would be a way to implement some workaround also for this driver. Bad thing is that it does not CCID compliant APDUs.
Thanks, on Fedora 26/27 when the values max_send_size/max_recv_size in /etc/opensc-x86_64.conf are increased everything is fine.
Thank you for confirmation that it got resolved by updating the sizes. I will close also the bug.
Can these limits be detected by opensc?
Fixes OpenSC#1208 Fixes OpenSC#1118 Fixes OpenSC#1005 Fixes OpenSC#802
making max_send_size and max_recv_size worked for me on a Thinkpad P51
Using my card I have a security error issue.
Here below are the outputs of tools:
opensc-tool -l
Detected readers (pcsc)
Nr. Card Features Name
0 Yes Bit4id miniLector-s 00 00
opensc-tool --atr
Using reader with a card: Bit4id miniLector-s 00 00
3b:f2:18:00:02:c1:0a:31:fe:58:c8:08:74
opensc-tool --name
Using reader with a card: Bit4id miniLector-s 00 00
CardOS M4
pkcs11-tool -lt --module onepin-opensc-pkcs11.so
Using slot 0 with a present token (0x0)
Logging in to "PIN (InfoNotary)".
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only for RSA)
warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_GENERAL_ERROR (0x5)
testing key 0 (8999444B-0958-4867-979A-3F82D5701532) -- can't be used for signature, skipping: can't obtain modulus
testing key 1 (0835F722-EE3C-483C-ACF6-D9538FCDBBEE)
all 4 signature functions seem to work
testing signature mechanisms:
RSA-X-509: OK
RSA-PKCS: OK
SHA1-RSA-PKCS: OK
MD5-RSA-PKCS: OK
RIPEMD160-RSA-PKCS: OK
SHA256-RSA-PKCS: OK
testing key 1 (1024 bits, label=0835F722-EE3C-483C-ACF6-D9538FCDBBEE) with 1 signature mechanism
RSA-X-509: OK
testing key 2 (2048 bits, label=42CD5BED-1F7B-4A2F-9198-D2921FEBA8AE) with 1 signature mechanism
error: PKCS11 function C_Sign failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.
In Firefox, after entering the PIN and choosing the certificate, there is an error:
Secure Connection Failed
An error occurred during a connection to www.epay.bg. A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred. Error code: SEC_ERROR_PKCS11_GENERAL_ERROR
After some digging with git bisect I found the commit which broke my card using:
fcc8ea5 is the first bad commit
commit fcc8ea5
Author: Frank Morgner [email protected]
Date: Tue Nov 15 22:48:48 2016 +0100
:040000 040000 6240de371a96d285a1648aa1af119317b9964430 91bd88f2d1f06835a0c959a86dc5c4262ba0e4df M etc
:040000 040000 91237489ee5a6039d9668f2c0c842cee15d1b581 e8f91de043a2fc13027ea16def22aea58f35e3c8 M src