Description of problem: Using a german ID card along with a REINER SCT cyberJack RFID USB reader [1], fails with a protocol error after valid PIN entry. The card and PIN was verified to work with using the Android app using NFC. Additionally, the reader, card and PIN has been verified using the Open EID app as well on the same workstation. Version-Release number of selected component (if applicable): > AusweisApp2-data-1.20.2-10.fc33.noarch > AusweisApp2-1.20.2-10.fc33.x86_64 How reproducible: This is consistently and easily reproduced. Steps to Reproduce: 1. Install and open AusweisApp2 (rpm) 2. Select "See my personal data" 3. Select "Proceed to PIN entry" 4. Place ID card on usb card reader. 5. Enter PIN and continue. Actual results: App displays a protocol error. Expected results: App authenticates PIN and displays personal data. Additional info: The root cause seems to be due to the required elliptical curve being disabled on the openssl install. > support 2020.12.30 13:47:48.710 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:186) : Starting PACE for PACE_PIN > card 2020.12.30 13:47:48.711 12917 C ...urveFactory::createCurve(card/base/pace/ec/EllipticCurveFactory.cpp:45) : Error on EC_GROUP_new_by_curve_name, curve is unknown: 927 > card 2020.12.30 13:47:48.711 12917 C EcdhKeyAgreement::create(card/base/pace/ec/EcdhKeyAgreement.cpp:61) : Creation of elliptic curve failed > card 2020.12.30 13:47:48.712 12917 C PaceHandler::initialize(card/base/pace/PaceHandler.cpp:134) : No supported domain parameters found > support 2020.12.30 13:47:48.712 12917 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:212) : Finished PACE for PACE_PIN with result PROTOCOL_ERROR > network 2020.12.30 13:47:49.003 12906 ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Status Code: 200 "OK" > network 2020.12.30 13:47:49.003 12906 ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Connection: keep-alive > network 2020.12.30 13:47:49.003 12906 ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Type: application/vnd.paos+xml > network 2020.12.30 13:47:49.003 12906 ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Length: 1415 > network 2020.12.30 13:47:49.004 12906 ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Content-Security-Policy: default-src 'self' > network 2020.12.30 13:47:49.004 12906 ...ndReceive::onReplyFinished(core/states/StateGenericSendReceive.cpp:285) : Header | Date: Wed, 30 Dec 2020 12:47:48 GMT > support 2020.12.30 13:47:49.069 12917 I Reader::updateRetryCounter(card/base/Reader.cpp:83) : retrieved retry counter: 3 , was: 3 , PIN deactivated: false > card 2020.12.30 13:47:49.143 12917 W ReaderManagerWorker::getReader(card/base/ReaderManagerWorker.cpp:235) : Requested reader does not exist: "REINER SCT cyberJack RFID basis 00 00" > card 2020.12.30 13:47:49.143 12917 W ...rManagerWorker::updateReaderInfo(card/base/ReaderManagerWorker.cpp:212) : Requested reader does not exist: "REINER SCT cyberJack RFID basis 00 00" > feedback 2020.12.30 13:47:49.145 12906 I ApplicationModel::showFeedback(ui/qml/ApplicationModel.cpp:457) : You may now remove your ID card from the device. > qml 2020.12.30 13:47:49.145 12906 W ApplicationModel::isScreenReaderRunning(ui/qml/ApplicationModel.cpp:428) : NOT IMPLEMENTED [1] https://www.amazon.de/REINER-cyberJack-Chip-Kartenleser-basis-Personalausweis/dp/B004FQO10U/ref=asc_df_B004FQO10U/
FEDORA-2021-b025f69683 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-b025f69683
FEDORA-EPEL-2021-7e4f239518 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7e4f239518
FEDORA-2021-ae621237b4 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae621237b4
FEDORA-2021-5729f02f4c has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-5729f02f4c
FEDORA-2021-ae621237b4 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-ae621237b4` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae621237b4 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-5729f02f4c has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-5729f02f4c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-5729f02f4c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2021-7e4f239518 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7e4f239518 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-b025f69683 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-b025f69683` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-b025f69683 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2021-b025f69683 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2021-7e4f239518 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-5729f02f4c has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2021-ae621237b4 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
The problem still persists in AusweisApp2-1.22.2-3.fc34.x86_64: remote_... 2021.10.25 20:34:23.203 16182 I ConnectRequest::onConnected(remote_device/ConnectRequest.cpp:73) : Handshake of tls connection done! support 2021.10.25 20:34:25.282 16183 I Reader::updateRetryCounter(card/base/Reader.cpp:83) : retrieved retry counter: 3 , was: -1 , PIN deactivated: false support 2021.10.25 20:34:25.455 16183 I Reader::updateRetryCounter(card/base/Reader.cpp:83) : retrieved retry counter: 3 , was: 3 , PIN deactivated: false support 2021.10.25 20:34:31.110 16183 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:179) : Starting PACE for PACE_PIN card 2021.10.25 20:34:31.111 16183 C ...urveFactory::createCurve(card/base/pace/ec/EllipticCurveFactory.cpp:45) : Error on EC_GROUP_new_by_curve_name, curve is unknown: 927 card 2021.10.25 20:34:31.111 16183 C EcdhKeyAgreement::create(card/base/pace/ec/EcdhKeyAgreement.cpp:61) : Creation of elliptic curve failed card 2021.10.25 20:34:31.111 16183 C PaceHandler::initialize(card/base/pace/PaceHandler.cpp:117) : No supported domain parameters found support 2021.10.25 20:34:31.111 16183 I ...ionWorker::establishPaceChannel(card/base/CardConnectionWorker.cpp:229) : Finished PACE for PACE_PIN with result PROTOCOL_ERROR Link: https://bugzilla.redhat.com/show_bug.cgi?id=2000306