1241889 – Coolkey doesn't recognize slot on yubikey NEO PIV card

Bug 1241889 - Coolkey doesn't recognize slot on yubikey NEO PIV card

Summary: Coolkey doesn't recognize slot on yubikey NEO PIV card

Keywords:
Status:	CLOSED DUPLICATE of bug 1043602
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	coolkey
Sub Component:
Version:	21
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Bob Relyea
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-07-10 10:42 UTC by Jakub Jelen
Modified:	2015-08-11 13:36 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-08-11 13:36:43 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
PKCS11SPY output of both commands (11.66 KB, text/plain) 2015-07-10 10:42 UTC, Jakub Jelen	no flags	Details
View All

Description Jakub Jelen 2015-07-10 10:42:20 UTC

Created attachment 1050648 [details]
PKCS11SPY output of both commands

Description of problem:
We were trying to use PIV on yubikey NEO using coolkey to work with openssh, but it ends with error, that there is no slot recognised. Tested on Fedora21, but it is probably applicable for RHEL7 too.
Modutil lists key successfully, same as opensc, but coolkey doesn't.

Version-Release number of selected component (if applicable):
coolkey-1.1.0-26.fc21.x86_64

How reproducible:
deterministic

Steps to Reproduce:
1. $ modutil -list -dbdir /etc/pki/nssdb
  2. CoolKey PKCS #11 Module
	library name: libcoolkeypk11.so
	 slots: 1 slot attached
	status: loaded

	 slot: Yubico Yubikey NEO OTP+CCID 00 00
	token: 
2. $ ssh-keygen -D /usr/lib64/pkcs11/opensc-*
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6oDtCM+MnABKwmxsEftnRbNhx7Lz9Qb3pNZ6KMGFByOiDkuOxBjf8dRRxhSw7B9WsTFvopTO6AV5JbCJq9BRDLMf3VHpqw+D1L8bK6n+FagbHFA2zHJgo9OoKMUxvBSOMojiQFi+zOWYsWULb9PPZH5E8LOwMLAePL7N38W7OG2U+muZvw0rVb2T6+FL5jsaEhRix9/9KvXxW9n0C0Qv6VHakWwipwQMXsqnuuSqVZJS/IaBHj8o20UaKem2xrv36JDZVm4sAloMlKZeCUeuDnRJ1zdggTjGo5/Pcv6RYCursR861roJ/wnh78KT8vY2En4zHPMI9v5DEjPNAlYCt
3. $ ssh-keygen -D /usr/lib64/pkcs11/libcoolkeypk11.so
no slots
cannot read public key from pkcs11

verbose output using PKCS11SPY is added as attachement

Actual results:
coolkey reports "no slots"

Expected results:
public key should be printed

Additional info:

Comment 2 Bob Relyea 2015-07-28 21:16:46 UTC

Hi Jakub. Fedora doesn't have PIV support yet, so please verify that this doesn't work on RHEL 7 first. thanks.

Comment 3 Jakub Jelen 2015-07-29 10:38:16 UTC

Yes. With rhel7 package on Fedora 21 it works as expected. Thank you for pointing out that this feature was not implemented in Fedora.

So I think we can change this bug to Fedora and treat it as a feature request.

Comment 4 Nikos Mavrogiannopoulos 2015-08-11 13:36:43 UTC


*** This bug has been marked as a duplicate of bug 1043602 ***

Note You need to log in before you can comment on or make changes to this bug.