Bug 884266 - None of the DoD PIV test cards work, even with the latest coolkey.
Summary: None of the DoD PIV test cards work, even with the latest coolkey.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: coolkey
Version: 6.4
Hardware: All
OS: All
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Bob Relyea
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-12-05 19:03 UTC by Bob Relyea
Modified: 2013-02-21 10:16 UTC (History)
3 users (show)

Fixed In Version: coolkey-1.1.0-25
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-21 10:16:06 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0397 normal SHIPPED_LIVE coolkey bug fix and enhancement update 2013-02-20 20:51:14 UTC

Description Bob Relyea 2012-12-05 19:03:37 UTC
Description of problem:

The Dod Supplies a set of PIV cards that it intends to deploy. Several of these cards are not expected to work because they require support that coolkey does not have:

Card 2: cert has PSS signatures.
Card 4, Card 5, Card 15: ECC cards.

The rest of the sample cards should work, but are unrecognized by coolkey.


Version-Release number of selected component (if applicable):

coolkey-1.1.0-24.el6


How reproducible:

Plug in any card. Neither Firefox (which coolkey installed), nor ESC (the card manager) will recognize the card.

neither will pklogin_finder.



Additional info:

Comment 1 Bob Relyea 2012-12-05 19:05:14 UTC
I have a patch in hand that solves this problem.

Comment 2 Bob Relyea 2012-12-10 22:26:38 UTC
Already in the errata, flip to ON_QA

Comment 3 Bob Relyea 2012-12-10 22:27:15 UTC
Wrong bug... this is only assigned...

Comment 4 Bob Relyea 2012-12-19 18:03:24 UTC
Asha, I never got a qa ack on this. There are complaints by Dod people that PIV II doesn't work, so we really do want this in 6.4 if we can get it...

Comment 8 Jenny Severance 2012-12-19 18:56:53 UTC
Setting conditional NAK flag for QE, can not fully ack until we have cards to verify.

Comment 9 Bob Relyea 2012-12-19 20:12:51 UTC
Jenny please reconsider. I have cards in hand I guarrentee I'll get at least one card out to Asha before I leave today, but I need the ack to check in as today is my last day to do so. 

Not getting this in could really hurt us with one of our best customers...

Comment 11 Bob Relyea 2013-01-02 18:30:53 UTC
This bug needs to get into the errata still.

Comment 22 Asha Akkiangady 2013-01-22 23:13:23 UTC
Card 2, Card 3: cert has PSS signatures.
Card 4, Card 5, Card 15: ECC cards.

All the PIV cards except ECC ones are recognized on ESC, Firefox and pklogin_finder.


Marking the bug verified.

Comment 24 errata-xmlrpc 2013-02-21 10:16:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0397.html


Note You need to log in before you can comment on or make changes to this bug.