-
Notifications
You must be signed in to change notification settings - Fork 712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to initialize ePass2003 using pkcs11-tool? #1736
Comments
@batuhanceylan did you find any solution to this issue ? |
Nor really, sorry. |
please contact the vendor directly, @FeitianSmartcardReader seems to be non-responsive. |
I think this is a module issue. It should work fine with the module given by the manufacturer (Feitian). The specific module I use is |
Missed this issue, will check engineer after CNY, should be back on 3th, Feb, will follow up on this issue, thanks |
I have checked opensc code. This function should be that opensc module has not been added。 |
Is there any update on this? I am running into similar issues |
This issue is quite old. Try to specify where exactly the problem occurs... Which version of OpenSC are you using? ( Most of the token reinitialization issues were resolved using the commit 5a369a8 (commit date Wed Sep 23 08:37:09 2020 +0200). This commit is part of OpenSC version 0.21 and later. The following procedure should work without problems:
Thanks for testing. |
Hey @popovec, Thanks for getting back to me so quickly. The problem occurs when trying to initialize the token with
I have the latest OpenSC version from apt (v0.20.0-3). I'll try building from source and see if that resolves my problems :). Thanks again and I'll keep you posted. |
Well, now I feel like a fool. It works. Always check versions and never trust aptitude to use the most up-to-date version. I do have one question: epass2003 supports rsa4096. It seems even this newer version of OpenSC does not present this. Any idea as to why? |
I have no information about epass2003 being able to use an RSA key longer than 2048 bits. Newer epass2003 tokens, however, support elliptical keys. You can try to generate an elliptical key as follows:
Unfortunately, my epass2003 key does not support elliptic keys (over all, OpenSC signalize support for elliptic cryptography for epass2003, which is bad, but due to the lack of epass2003 documentation, I don't know how to fix it). |
I'm afraid that I have to use rsa4096. The epass2003 documentation is lacking and somewhat contradictory---I've seen some spec sheets mention 4096 and other 2048 for the exact same hardware. Regardless, thanks for the help. I really appreciate it. EDIT: I've raised this question with support |
I'm trying to initialize a token using epass2003 in order to offload some cryptographic operations onto device. However, I wasn't successful.
OpenSC 0.19.0 - default conf
Ubuntu 19.04
Here is what I tried:
Detailed debug log is here: Debug log
Then, I tried initializing PKCS15 by
But it failed as well. Lastly, I tried:
This time there was an Ubuntu notification saying Smart card is ready to use and asked for SO pin, only to fail after setting SO_PIN. The debug log writes:
The text was updated successfully, but these errors were encountered: