Bug 1241889
| Summary: | Coolkey doesn't recognize slot on yubikey NEO PIV card | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jakub Jelen <jjelen> | ||||
| Component: | coolkey | Assignee: | Bob Relyea <rrelyea> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 21 | CC: | jjelen, jmagne, nmavrogi, rrelyea | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-08-11 13:36:43 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Hi Jakub. Fedora doesn't have PIV support yet, so please verify that this doesn't work on RHEL 7 first. thanks. Yes. With rhel7 package on Fedora 21 it works as expected. Thank you for pointing out that this feature was not implemented in Fedora. So I think we can change this bug to Fedora and treat it as a feature request. *** This bug has been marked as a duplicate of bug 1043602 *** |
Created attachment 1050648 [details] PKCS11SPY output of both commands Description of problem: We were trying to use PIV on yubikey NEO using coolkey to work with openssh, but it ends with error, that there is no slot recognised. Tested on Fedora21, but it is probably applicable for RHEL7 too. Modutil lists key successfully, same as opensc, but coolkey doesn't. Version-Release number of selected component (if applicable): coolkey-1.1.0-26.fc21.x86_64 How reproducible: deterministic Steps to Reproduce: 1. $ modutil -list -dbdir /etc/pki/nssdb 2. CoolKey PKCS #11 Module library name: libcoolkeypk11.so slots: 1 slot attached status: loaded slot: Yubico Yubikey NEO OTP+CCID 00 00 token: 2. $ ssh-keygen -D /usr/lib64/pkcs11/opensc-* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6oDtCM+MnABKwmxsEftnRbNhx7Lz9Qb3pNZ6KMGFByOiDkuOxBjf8dRRxhSw7B9WsTFvopTO6AV5JbCJq9BRDLMf3VHpqw+D1L8bK6n+FagbHFA2zHJgo9OoKMUxvBSOMojiQFi+zOWYsWULb9PPZH5E8LOwMLAePL7N38W7OG2U+muZvw0rVb2T6+FL5jsaEhRix9/9KvXxW9n0C0Qv6VHakWwipwQMXsqnuuSqVZJS/IaBHj8o20UaKem2xrv36JDZVm4sAloMlKZeCUeuDnRJ1zdggTjGo5/Pcv6RYCursR861roJ/wnh78KT8vY2En4zHPMI9v5DEjPNAlYCt 3. $ ssh-keygen -D /usr/lib64/pkcs11/libcoolkeypk11.so no slots cannot read public key from pkcs11 verbose output using PKCS11SPY is added as attachement Actual results: coolkey reports "no slots" Expected results: public key should be printed Additional info: