Smartcard-HSM sleeping?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Smartcard-HSM sleeping?

Michael Ströder
HI!

I'm testing the Smartcard-HSM with read "ACS ACR38U-CCID" and PKCS#11 with EJBCA.

Sometimes the USB token is not reachable from EJBCA anymore.
In this case "pkcs15-tool -D" also says "no readers". But the second
invocation of "pkcs15-tool -D" works as expected.

Seems that some component is going into sleep mode. But how to track which
one? Which sleep parameters should be tweaked?

Any experience of others here?

Ciao, Michael.


------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Andreas Schwier (ML)
Hi Michael,

the SmartCard-HSM has no sleep mode.

If you are on Linux, then please run pcscd in foreground mode (pcscd -a
-f -d) to see if something happens with the client connection or the reader.

Are you using the USB-Stick or a card in the ACS reader ?

Andreas

On 10/29/2014 05:05 PM, Michael Ströder wrote:

> HI!
>
> I'm testing the Smartcard-HSM with read "ACS ACR38U-CCID" and PKCS#11 with EJBCA.
>
> Sometimes the USB token is not reachable from EJBCA anymore.
> In this case "pkcs15-tool -D" also says "no readers". But the second
> invocation of "pkcs15-tool -D" works as expected.
>
> Seems that some component is going into sleep mode. But how to track which
> one? Which sleep parameters should be tweaked?
>
> Any experience of others here?
>
> Ciao, Michael.
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org
                 http://www.smartcard-hsm.com


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Michael Ströder
Andreas Schwier wrote:
> Are you using the USB-Stick or a card in the ACS reader ?

The card in the ACS reader.

Ciao, Michael.


------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Andreas Schwier (ML)
On 10/29/2014 05:22 PM, Michael Ströder wrote:
> Andreas Schwier wrote:
>> Are you using the USB-Stick or a card in the ACS reader ?
>
> The card in the ACS reader.
Then maybe the reader has some power saving mode.

We are using the USB-Stick as key store in the DevNetCA from a
ScriptingServer instance running 24x7. That never goes to sleep.

I can't of course not talk for the ACS reader.

>
> Ciao, Michael.
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org
                 http://www.smartcard-hsm.com


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Michael Ströder
Andreas Schwier wrote:

> On 10/29/2014 05:22 PM, Michael Ströder wrote:
>> Andreas Schwier wrote:
>>> Are you using the USB-Stick or a card in the ACS reader ?
>>
>> The card in the ACS reader.
> Then maybe the reader has some power saving mode.
>
> We are using the USB-Stick as key store in the DevNetCA from a
> ScriptingServer instance running 24x7. That never goes to sleep.
>
> I can't of course not talk for the ACS reader.
I see a lot of these messages in debug output of pcscd:

00132737 eventhandler.c:493:EHStatusHandlerThread() powerState:
POWER_STATE_POWERED
00427871 ifdhandler.c:1349:IFDHPowerICC() action: PowerDown,
usb:072f/90cc:libudev:0:/dev/bus/usb/006/002 (lun: 0)
00098009 eventhandler.c:481:EHStatusHandlerThread() powerState:
POWER_STATE_UNPOWERED

Ciao, Michael.


------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Ludovic Rousseau
Hello,

2014-10-29 17:33 GMT+01:00 Michael Ströder <[hidden email]>:

> Andreas Schwier wrote:
>> On 10/29/2014 05:22 PM, Michael Ströder wrote:
>>> Andreas Schwier wrote:
>>>> Are you using the USB-Stick or a card in the ACS reader ?
>>>
>>> The card in the ACS reader.
>> Then maybe the reader has some power saving mode.
>>
>> We are using the USB-Stick as key store in the DevNetCA from a
>> ScriptingServer instance running 24x7. That never goes to sleep.
>>
>> I can't of course not talk for the ACS reader.
>
> I see a lot of these messages in debug output of pcscd:
>
> 00132737 eventhandler.c:493:EHStatusHandlerThread() powerState:
> POWER_STATE_POWERED
> 00427871 ifdhandler.c:1349:IFDHPowerICC() action: PowerDown,
> usb:072f/90cc:libudev:0:/dev/bus/usb/006/002 (lun: 0)
> 00098009 eventhandler.c:481:EHStatusHandlerThread() powerState:
> POWER_STATE_UNPOWERED

This IS expected.
See http://ludovicrousseau.blogspot.fr/2010/10/card-auto-power-on-and-off.html

You should provide a full pcscd log. See
http://pcsclite.alioth.debian.org/pcsclite.html#support

Bye

--
 Dr. Ludovic Rousseau

------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Michael Ströder
Ludovic Rousseau wrote:
> You should provide a full pcscd log. See
> http://pcsclite.alioth.debian.org/pcsclite.html#support

Hmm, maybe this contributes to the many why-systemd-sucks stories:

When running pcscd in debug mode from command-line (as root) everything seems
to work.

But openSUSE has systemd configuration for pcscd and it only sometimes work!
I also have problems with Apache running under systemd. So I probably have to
look somewhere else first.

BTW:
Running on openSUSE 13.1

# pcscd --version
pcsc-lite version 1.8.12.
Copyright (C) 1999-2002 by David Corcoran <[hidden email]>.
Copyright (C) 2001-2011 by Ludovic Rousseau <[hidden email]>.
Copyright (C) 2003-2004 by Damien Sauveron <[hidden email]>.
Report bugs to <[hidden email]>.
Enabled features: Linux x86_64-suse-linux-gnu serial usb libudev
usbdropdir=/usr/lib64/readers ipcdir=/var/run/pcscd configdir=/etc/reader.conf.d

Ciao, Michael.


------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Ludovic Rousseau
2014-10-29 17:58 GMT+01:00 Michael Ströder <[hidden email]>:

> Ludovic Rousseau wrote:
>> You should provide a full pcscd log. See
>> http://pcsclite.alioth.debian.org/pcsclite.html#support
>
> Hmm, maybe this contributes to the many why-systemd-sucks stories:
>
> When running pcscd in debug mode from command-line (as root) everything seems
> to work.
>
> But openSUSE has systemd configuration for pcscd and it only sometimes work!
> I also have problems with Apache running under systemd. So I probably have to
> look somewhere else first.

You can configure pcscd to generate logs when started by systemd. Just
add "--debug" to /lib/systemd/system/pcscd.service

Bye

--
 Dr. Ludovic Rousseau

------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Michael Ströder
Ludovic Rousseau wrote:

> 2014-10-29 17:58 GMT+01:00 Michael Ströder <[hidden email]>:
>> Ludovic Rousseau wrote:
>>> You should provide a full pcscd log. See
>>> http://pcsclite.alioth.debian.org/pcsclite.html#support
>>
>> Hmm, maybe this contributes to the many why-systemd-sucks stories:
>>
>> When running pcscd in debug mode from command-line (as root) everything seems
>> to work.
>>
>> But openSUSE has systemd configuration for pcscd and it only sometimes work!
>> I also have problems with Apache running under systemd. So I probably have to
>> look somewhere else first.
>
> You can configure pcscd to generate logs when started by systemd. Just
> add "--debug" to /lib/systemd/system/pcscd.service
I suspect the issue is how pcscd is started via udev when hotplugging the USB
reader.

Ciao, Michael.


------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Smartcard-HSM sleeping?

Ludovic Rousseau
2014-10-30 16:17 GMT+01:00 Michael Ströder <[hidden email]>:
> I suspect the issue is how pcscd is started via udev when hotplugging the USB
> reader.

pcscd is not (should not be) started by udev.

See http://ludovicrousseau.blogspot.fr/2011/11/pcscd-auto-start-using-systemd.html

Bye

--
 Dr. Ludovic Rousseau

------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel