Description of problem: opensc, version 0.11.9, in F12 doesn't work with US Gov PIV smart cards. The utility pkcs15-tool can not access any of the data on the PIV card. This is also true of pam_pkcs11 which used opensc as a plugin for console login. Version 0.11.8 in F11 works fine. Version-Release number of selected component (if applicable): 0.11.9-2.fc12 How reproducible: 100% Steps to Reproduce: 1. insert PIV card 2. run command: pkcs15-tool -k Actual results: Using reader with a card: CCID Compatible Expected results: Using reader with a card: CCID Compatible Private RSA Key [PIV AUTH key] Com. Flags : 0 Usage : [0x2E], decrypt, sign, signRecover, unwrap Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local ModLength : 2048 Key ref : 154 ....... Additional info: Installing the RPM from F11 (opensc-0.11.8-1.fc11) the PIV card is seen and works as expected. Installing libraries and utilities from source on the project website (0.11.11) also works correctly. This was all tested on the same machine with the same configurations. The command "piv-tool --serial" works as expected in all versions.
I had the same results, and it is not just a problem with Fedora. Installing version 0.11.9 from the source on the project website does not work, and the PIV card doesn't work with other Linux distributions that use OpenSC 0.11.9, but it does work with distributions that use OpenSC 0.11.8 or earlier. So, a problem must have been introduced in version 0.11.9 that was fixed in either version 0.11.10 or 0.11.11.
opensc-0.11.11-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/opensc-0.11.11-1.fc12
The submitted 0.11.11-1.f12 RPM update for x86_64 work fixes the issue for PIV cards.
opensc-0.11.11-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update opensc'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-11734
opensc-0.11.11-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.