Bug 538953 - opensc, version 0.11.9, in F12 doesn't work with US Gov PIV smart cards.
Summary: opensc, version 0.11.9, in F12 doesn't work with US Gov PIV smart cards.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: opensc
Version: 12
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-11-19 16:11 UTC by arif
Modified: 2009-12-08 08:04 UTC (History)
3 users (show)

Fixed In Version: 0.11.11-1.fc12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-12-08 08:04:19 UTC


Attachments (Terms of Use)

Description arif 2009-11-19 16:11:02 UTC
Description of problem:

 opensc, version 0.11.9, in F12 doesn't work with US Gov PIV smart cards. The utility pkcs15-tool can not access any of the data on the PIV card. This is also true of pam_pkcs11 which used opensc as a plugin for console login.
 
 Version 0.11.8 in F11 works fine.


Version-Release number of selected component (if applicable):

 0.11.9-2.fc12

How reproducible:

100%

Steps to Reproduce:
1. insert PIV card
2. run command: pkcs15-tool -k

  
Actual results:

Using reader with a card: CCID Compatible


Expected results:

Using reader with a card: CCID Compatible
Private RSA Key [PIV AUTH key]
        Com. Flags  : 0
        Usage       : [0x2E], decrypt, sign, signRecover, unwrap
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 2048
        Key ref     : 154
.......


Additional info:

Installing the RPM from F11 (opensc-0.11.8-1.fc11) the PIV card is seen and works as expected.
Installing libraries and utilities from source on the project website (0.11.11) also works correctly.

This was all tested on the same machine with the same configurations.
The command "piv-tool --serial" works as expected in all versions.

Comment 1 David Cooper 2009-11-19 16:59:36 UTC
I had the same results, and it is not just a problem with Fedora.  Installing version 0.11.9 from the source on the project website does not work, and the PIV card doesn't work with other Linux distributions that use OpenSC 0.11.9, but it does work with distributions that use OpenSC 0.11.8 or earlier.  So, a problem must have been introduced in version 0.11.9 that was fixed in either version 0.11.10 or 0.11.11.

Comment 2 Fedora Update System 2009-11-19 17:28:50 UTC
opensc-0.11.11-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/opensc-0.11.11-1.fc12

Comment 3 arif 2009-11-19 21:12:51 UTC
The submitted 0.11.11-1.f12 RPM update for x86_64 work fixes the issue for PIV cards.

Comment 4 Fedora Update System 2009-11-20 05:13:56 UTC
opensc-0.11.11-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update opensc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-11734

Comment 5 Fedora Update System 2009-12-08 08:04:14 UTC
opensc-0.11.11-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.