Problem with v0.18.0 and pkcs11interop.net library #1455
Comments
Your stack trace seems incomplete... If you're talking about the NEWS comment
Can the problem be reproduced only with OpenSC tools e.g. the combination of pkcs11-tool, pkcs11_spy and opensc-pkcs11.dll? |
pkcs11_spy returns OpenSC/src/pkcs11/pkcs11-spy.c Lines 224 to 232 in fcd719d
Have you configured the correct PKCS#11 library for the correct architecture? |
Yes, I am using the 32bit version and my application also runs on 32bit. Can the problem be reproduced only with OpenSC tools e.g. the combination of pkcs11-tool, pkcs11_spy and opensc-pkcs11.dll? |
When I run "opensc-tool --serial -r 2" I get the following message
|
Try something like |
Hi, thanks for your support!
pkcs11-tool.exe --module=C:\temp\PivTool\bin\libykcs11-1.dll -t -l
When I run it without the module flag I get the following:
|
Yubico recommends OpenSC as PKCS#11 provider. Its own implementation is known to be buggy.
|
What's your exact setup? I can check the problem with loading the module via |
Hi, sorry for the delay. I am running
This is my test code:
When I run the code with OpenSC v0.17.0 it works but I am not able to read the serial of the key
|
SPY first tries to set the output file using the environment variable "PKCS11SPY_OUTPUT". So first start with looking for the output. It will log something. SPY needs to know the name of the real pkcs11 library. If it cannot load the module it returns
|
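The two checks raised in the comments above (is the module built for the right architecture, and does SPY know the real PKCS#11 library), as an added example that is not part of the thread or of OpenSC's code. It assumes the target is named through the `PKCS11SPY` environment variable and reads the architecture from the DLL's PE header; `pe_machine`, `check_spy_target` and `fake_pe` are hypothetical names, and the sample images are constructed.

```python
import os
import struct

# COFF "Machine" values for the architectures discussed in the thread.
MACHINES = {0x014C: "x86", 0x8664: "x64"}

def pe_machine(data: bytes) -> str:
    """Return the architecture recorded in a DLL's PE/COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header, not a PE image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
        raise ValueError("no PE signature, not a PE image")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, hex(machine))

def read_header(path: str) -> bytes:
    with open(path, "rb") as fh:
        return fh.read(4096)

def check_spy_target(env, host_arch, read=read_header):
    """Return the reasons a host process could not load the spy's target."""
    target = env.get("PKCS11SPY")  # assumption: target named via environment
    if not target:
        return ["PKCS11SPY is not set; spy has no target named in the environment"]
    try:
        arch = pe_machine(read(target))
    except (OSError, ValueError) as exc:
        return [f"cannot use target {target!r}: {exc}"]
    if arch != host_arch:
        return [f"target {target!r} is {arch}, host process is {host_arch}"]
    return []

def fake_pe(machine: int) -> bytes:
    """Constructed sample: the smallest header pe_machine() accepts."""
    hdr = bytearray(0x48)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44, machine)
    return bytes(hdr)

if __name__ == "__main__":
    images = {"module32.dll": fake_pe(0x014C), "module64.dll": fake_pe(0x8664)}
    for name in images:  # a 32-bit host, as in the thread
        print(name, check_spy_target({"PKCS11SPY": name}, "x86", images.__getitem__))
    print("environment:", check_spy_target(os.environ, "x86"))
```

An empty list means the named target exists, is a PE image and matches the host process; it does not cover targets configured anywhere other than the environment.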
OpenSC Windows developers need to look at:
Well, I had been running with 0.17.0 on Windows 10 Pro 64 with 1803 installed in May. In 0.17.0 the registry was as above, and the opensc-pkcs11.dll was in system32.
But today I tried to install the nightly build https://github.com/OpenSC/Nightly/blob/2018-08-27_b5a6f9aa/OpenSC-win32_vs14-Release.msi It was only 56kb (too small) and would not install.
So trying https://github.com/OpenSC/OpenSC/releases/download/0.18.0/OpenSC-0.18.0-win32_vs12-Release.msi (the current 0.18.0). It installed, but pkcs11-spy.dll was not installed and opensc-pkcs11.dll was installed in a different location, as shown in your screenshot above. So I do not have a pkcs11-spy.dll but you do. Not sure why you do and I don't.
And my Firefox and Thunderbird need to be updated for new locations. Changing the security device path to point to the new opensc-pkcs11.dll it can see the reader, but Thunderbird crashes when a smart card is inserted.
IIRC, the opensc-pkcs11 used to be installed in system32 for security reasons, so LSA could use them during login.
From your pkcs11-spy log, it looks like SPY loaded, but it could not load the opensc-pkcs11.dll. With now path in Thunderbird security device, it can see the reader, but crashes when smart card inserted. |
OK, I tried more things with different OpenSC 32bit versions and my Yubikeys. Problem 1:
When I run the same command on the same machine but with v0.18.0 I get the following output.
That means I have to use v0.17.0 because v0.18.0 makes trouble in any way, OK. Problem 2: When I run the command to list the readers:
Looks good, OK, but when I try to read the serial number from my Yubikey I get the following.
|
Let me correct some of the statements above. The missing pkcs11-spy may be caused by using "Typical". "Custom" appears to have installed it. But I am not finding the opensc-pkcs11.dll in either system32 or OpenSC-Project. Still looking. |
Again, please note that Yubico recommends OpenSC in favor of |
See this comment: |
Hi, I installed the software from the link above and I still have the same problem.
opensc-tool.exe --info
opensc-tool.exe --serial
pkcs11-tool.exe --module="c:\Program Files (x86)\OpenSC Project\PKCS11-Spy\pkcs11-spy.dll" -t
pkcs11-tool.exe -t
Content of pkcs11-spy.txt log
Can I do more tests? Thanks |
Spy cannot find the opensc-pkcs11.dll to load. See #1464 Simple solution for now would be to use regedit to change This may also work to test with Pkcs11Interop. You may also need to add to registry You may want to test signatures, so add --login to pkcs11-tool test: |
Here is what I did on Win10 Pro 64bit with win32 installer of 0.19.0-rc1 and Yubikey NEO CCID:
cd yubico-piv-tool-1.6.1-win32\bin
set PKCS11SPY=libykcs11-1.dll
"C:\Program Files (x86)\OpenSC Project\OpenSC\pkcs11-tool.exe" --test --module="C:\Program Files (x86)\OpenSC Project\PKCS11-Spy\pkcs11-spy.dll"
It errors on random number generation (it does not fail to load the module), which doesn't seem to be implemented by
This is what I did to check your second problem:
"C:\Program Files (x86)\OpenSC Project\OpenSC\opensc-tool.exe" --serial
It prints the serial number as expected. Hence, I cannot reproduce the second of your problems. If I'm not mistaken, the Yubikey doesn't expose PIV/PGP when in U2F mode. Have you ever initialized your token with keys and certificates as described by Yubico? Please consult Yubico for support! |
And they are implemented by different applets on the token. |
Sounds like 3 different issues:
1. Trying to get SPY to work so we can see more.
2. Is your card initialized? pkcs11-tool --test --login would show with or without spy. If not initialized, how to initialize the card with PIV (or OpenPGP) and keys and certificates. (The serial number for PIV comes from the CHUID which the Yubico-piv-tool can generate.)
3. Getting Pkcs11Interop to use the OpenSC PKCS11 module with a properly initialized card. |
Problem Description
Hello, I am using the OpenSC PKCS11-Spy.dll with the pkcs11interop.net library v4.0.0.2 https://www.pkcs11interop.net/.
The hardware I have is a Yubikey 4 which is connected to a Windows 10 Pro machine.
I want to read the token serial to identify the right token for the required service.
With OpenSC version 0.17.0 the pkcs11interop.net library works fine but I don't see the token serial number, only "000000".
I found a bugfix in the change log of OpenSC version 0.18.0 which should solve the serial number problem.
When I install the new OpenSC v0.18.0 I can't run my application any more. I always get the same error message when I try to load the PKCS11-Spy.dll with pkcs11interop.net.
Error Message:
Proposed Resolution
Steps to reproduce
Logs
opensc-tool -l:
opensc-tool -n -r 2
opensc-tool --info