eToken Pro Error

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

eToken Pro Error

andre-4


Hi,

I am trying to generate a new key pair in an Aladdin eToken Pro with OpenSC, but
when the command pkcs15-init --generate-key is prompted, a error is returned and
I dont know how to solve and what it means. Please send me some help! Here is
the operations that i'm doing:

root@andre:~/icp # pkcs15-init -EC
PIN [Security Officer PIN] required.
Please enter PIN [Security Officer PIN]:
PIN [Security Officer PIN] required.
Please enter PIN [Security Officer PIN]:
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
root@andre:~/icp # pkcs15-tool --list-pins
PIN [Security Officer PIN]
        Com. Flags: 0x3
        Auth ID   : ff
        Flags     : [0xBA], local, unblock-disabled, initialized, needs-padding,
soPin
        Length    : min_len:6, max_len:8, stored_len:8
        Pad char  : 0x00
        Reference : 1
        Type      : -1
        Path      : 3F005015
        Tries left: -1

root@andre:~/icp # pkcs15-init --generate-key RSA/1024 --auth-id ff
card.c:203:sc_transceive: Unable to transmit: Generic reader error
card.c:238:sc_transmit_apdu: transceive() failed: Generic reader error
card-etoken.c:864:etoken_generate_key: APDU transmit failed: Generic reader
error
card.c:836:sc_card_ctl: returning with: Generic reader error
card.c:203:sc_transceive: Unable to transmit: Generic reader error
card.c:238:sc_transmit_apdu: transceive() failed: Generic reader error
iso7816.c:436:iso7816_select_file: APDU transmit failed: Generic reader error
card-etoken.c:424:etoken_select_file: returning with: Generic reader error
card.c:713:sc_select_file: returning with: Generic reader error
Failed to generate key: Generic reader error
card.c:203:sc_transceive: Unable to transmit: Generic reader error
card.c:238:sc_transmit_apdu: transceive() failed: Generic reader error
iso7816.c:436:iso7816_select_file: APDU transmit failed: Generic reader error
card-etoken.c:424:etoken_select_file: returning with: Generic reader error
card.c:713:sc_select_file: returning with: Generic reader error
root@andre:~/icp #

Thanks.



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro Error [u]

Andreas Jellinghaus-2
Hi.

Maybe --auth ff is not supported by cardos?
I never saw anyone using that. Why don't you create
a normale user with
        pkcs15-init -P -a 01
and then use
        pkcs15-init -G rsa/1024 -a 01 --split-key -u sign,decrypt
?

Also note: cardos is modular. that means some module necessary
to do what you want to do might not be installed on your card.
at least old etoken pro don't work for me unless some "packages"
are installed (the windows software does that). 4.01 worked
without (visible) packages installed on the card.

Good luck!

Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro Error [u]

andre-4
Hi,

Thanks for the attention, I did everything that you told me to do, but it seems
that nothing is happening... (see my proceedings bellow). My version of cardos
is 4.2.5.4, this version have all the packages?? In linux, I can't see my
certificates generated on Windows through the aladdin provider. In addition,
when I erase the token with pkcs-15-init -E (in linux), on Windows the aladdin
eToken application recognizes the token with all the objects previously stored
into it.

Thank you.

My proceedings:

root@andre:~/icp # openct-tool list
  0 Aladdin eToken PRO
root@andre:~/icp # pkcs15-init -EC
PIN [Security Officer PIN] required.
Please enter PIN [Security Officer PIN]:
PIN [Security Officer PIN] required.
Please enter PIN [Security Officer PIN]:
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
root@andre:~/icp # pkcs15-tool --list-pins
PIN [Security Officer PIN]
        Com. Flags: 0x3
        Auth ID   : ff
        Flags     : [0xBA], local, unblock-disabled, initialized, needs-padding,
soPin
        Length    : min_len:6, max_len:8, stored_len:8
        Pad char  : 0x00
        Reference : 1
        Type      : -1
        Path      : 3F005015
        Tries left: -1

root@andre:~/icp # pkcs15-init -P -a 01
New User PIN.
Please enter User PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
Security officer PIN required.
Please enter Security officer PIN:
root@andre:~/icp # pkcs15-tool --list-pins
PIN [Security Officer PIN]
        Com. Flags: 0x3
        Auth ID   : ff
        Flags     : [0xBA], local, unblock-disabled, initialized, needs-padding,
soPin
        Length    : min_len:6, max_len:8, stored_len:8
        Pad char  : 0x00
        Reference : 1
        Type      : -1
        Path      : 3F005015
        Tries left: -1

root@andre:~/icp # pkcs15-init -G rsa/1024 -a 01 --split-key -u sign,decrypt
Security officer PIN required.
Please enter Security officer PIN:
root@andre:~/icp # pkcs15-tool -k
root@andre:~/icp #


Citando "Andreas Jellinghaus [c]" <[hidden email]>:

> Hi.
>
> Maybe --auth ff is not supported by cardos?
> I never saw anyone using that. Why don't you create
> a normale user with
> pkcs15-init -P -a 01
> and then use
> pkcs15-init -G rsa/1024 -a 01 --split-key -u sign,decrypt
> ?
>
> Also note: cardos is modular. that means some module necessary
> to do what you want to do might not be installed on your card.
> at least old etoken pro don't work for me unless some "packages"
> are installed (the windows software does that). 4.01 worked
> without (visible) packages installed on the card.
>
> Good luck!
>
> Andreas
> _______________________________________________
> opensc-user mailing list
> [hidden email]
> http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
>





_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro Error [u]

Nils Larsch
[hidden email] wrote:
> Hi,
>
> Thanks for the attention, I did everything that you told me to do, but it seems
> that nothing is happening... (see my proceedings bellow). My version of cardos
> is 4.2.5.4, this version have all the packages??

cardos 4.2.* is pretty new, at least for opensc. The current cardos
support is written for cardos m4.0 and m4.01a hence the behaviour is
somewhat undefined if you use the opensc cardos code with you token.

Nils
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro Error [u]

andre-4
You have some prediction about when my version will be supported?

Thanks.

Nils Larsch escreveu:

> [hidden email] wrote:
>
>> Hi,
>>
>> Thanks for the attention, I did everything that you told me to do,
>> but it seems
>> that nothing is happening... (see my proceedings bellow). My version
>> of cardos
>> is 4.2.5.4, this version have all the packages??
>
>
> cardos 4.2.* is pretty new, at least for opensc. The current cardos
> support is written for cardos m4.0 and m4.01a hence the behaviour is
> somewhat undefined if you use the opensc cardos code with you token.
>
> Nils
>


--

Atenciosamente,
__________________________________
André Luiz Cardoso
*www.bry.com.br* <http://www.bry.com.br>
Rua Lauro Linhares, 2123 Torre B Sl.306
88036-002 - Florianópolis - SC - Brasil
Fone/Fax: (48) 234-6696

*BRy* *Tecnologia - /Confiança no uso de documentos eletrônicos./*
Para adquirir seu certificado digital *clique aqui*
<https://www2.bry.com.br/loja/produtos.asp?COD_GRUPO=1>.
*Clique* <http://www.bry.com.br/produtos/signer/default.asp> e conheça o
mais completo software para assinatura digital.

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro Error [u]

Nils Larsch
André Luiz Cardoso wrote:
> You have some prediction about when my version will be supported?

so far I don't even have the manual for the os so I don't even
know what needs to be done in order to support cardos m4.2 ...

Nils
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro Error [u]

Andreas Jellinghaus-2
In reply to this post by andre-4
please run "cardos-info". 4.2.5.4 is your version of the aladdin etoken,
not the cardos version.

> In linux, I can't see my certificates generated on Windows through the
> aladdin provider. In addition, when I erase the token with pkcs-15-init -E
> (in linux), on Windows the aladdin eToken application recognizes the token
> with all the objects previously stored into it.

absolutely normal. Aladdin software is proprietory and does not conform to the
pkccs#15 standard.

your option is:
a) use opensc on both windows and linux
b) use aladdin software on both windows and linux

but you can't mix.

or you can, but then still opensc will only see things opensc has generated,
and aladdin will ony see things aladdin has generated.

those commands look ok, but I broke my development machine,
so I can't test right now. anyone else?

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user