Bug 1657365 - opensc fails to access smartcard while coolkey works
Summary: opensc fails to access smartcard while coolkey works
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: opensc
Version: 7.6
Hardware: All
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Jakub Jelen
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-07 19:21 UTC by joel
Modified: 2019-12-04 00:18 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-01-16 16:54:08 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description joel 2018-12-07 19:21:48 UTC
Description of problem:
opensc is failing to read card getting error -
(repeat) [opensc-pkcs11] card-coolkey.c:932:coolkey_apdu_io: called
[opensc-pkcs11] card-coolkey.c:1866:coolkey_compute_crypt: returning with: -1300 (Invalid arguments)
[opensc-pkcs11] sec.c:58:sc_compute_signature: returning with: -1300 (Invalid arguments)

Version-Release number of selected component (if applicable):


How reproducible:
very

Steps to Reproduce:
1.pkcs11-tool --test --login
2.
3.

Actual results:
error PKCS11 function C_SignFinal failed: rv = CKR_ARGUMENTS_BAD (0x7)
Aborting.

Expected results:
succeeds

Additional info:

Comment 3 joel 2018-12-11 02:07:01 UTC
The card reader is :
Card reader types
SCM Microsystems Inc. SCR 3310 [CCID Interface] 00

And the card is :
Giesecke & Devrient (PIV endpoint)     
The output of opensc-tool --attr shows the ATR bytes of the card to be
        3b:7a:18:00:00:73:66:74:65:20:63:64:31:34:34
  
As to the size of the keys how should I retrieve those? We tried: # pkcs11-tool --test --login

But this failed to output the any signatures.

Attaching that output as: redhat-pkcs11-tool-debug-output.txt

Comment 5 Jakub Jelen 2018-12-11 09:47:24 UTC
OK, so you have PIV card and you are getting the errors in coolkey. That is indeed a misconfiguration.

Does it work if you run it with explicitly selected PIV or CAC driver?

  OPENSC_DRIVER=PIV-II pkcs11-tool --test --login

  OPENSC_DRIVER=cac pkcs11-tool --test --login

You can get the size of the keys on the card by listing the objects on the card:

  pkcs11-tool -O

Comment 6 joel 2019-12-04 00:18:48 UTC
case abandoned by customer


Note You need to log in before you can comment on or make changes to this bug.