OpenSC › Developer

sc-hsm-tool --create-dkek-share fails with message "Error generating random number failed with Transmit failed"

Classic

List

Threaded

4 messages Options

Leonardo Brondani Schenkel-2

sc-hsm-tool --create-dkek-share fails with message "Error generating random number failed with Transmit failed"

Hi all,

I'm trying out a SmartCard-HSM 1.2 with OpenSC 0.13.0g20140316163538 on
64-bit Windows 8.1 (both 64- and 32-bit versions of OpenSC are installed).

I was testing the backup/restore functionality with one DKEK share but
the following command:

sc-hsm-tool --create-dkek-share test.dkek --password password

results in:

Using reader with a card: Feitian SCR301 0
Enciphering DKEK share, please wait... [pauses for a few seconds here]
Error generating random number failed with Transmit failed

I have attached a trace of running the command with OPENSC_DEBUG=3.
I tried a different card readers and I'm getting the same result.

Any clues?

// Leonardo.

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

debug.txt (46K) Download Attachment

Andreas Schwier (ML)

Re: sc-hsm-tool --create-dkek-share fails with message "Error generating random number failed with Transmit failed"

Hi Leonardo,

this error occurs if more than one process is accessing the card and the
other process performs a reset. Please check if other processes on the
machine are accessing the card at the same time.

SCARD_W_RESET_CARD 0x80100068 The smart card was reset.

Andreas

On 04/14/2014 12:42 PM, Leonardo Brondani Schenkel wrote:

> Hi all,
>
> I'm trying out a SmartCard-HSM 1.2 with OpenSC 0.13.0g20140316163538 on
> 64-bit Windows 8.1 (both 64- and 32-bit versions of OpenSC are installed).
>
> I was testing the backup/restore functionality with one DKEK share but
> the following command:
>
> sc-hsm-tool --create-dkek-share test.dkek --password password
>
> results in:
>
> Using reader with a card: Feitian SCR301 0
> Enciphering DKEK share, please wait... [pauses for a few seconds here]
> Error generating random number failed with Transmit failed
>
> I have attached a trace of running the command with OPENSC_DEBUG=3.
> I tried a different card readers and I'm getting the same result.
>
> Any clues?
>
> // Leonardo.
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Leonardo Brondani Schenkel-2

Re: sc-hsm-tool --create-dkek-share fails with message "Error generating random number failed with Transmit failed"

On 14/04/2014 12:57, Andreas Schwier wrote:
> Hi Leonardo,
>
> this error occurs if more than one process is accessing the card and the
> other process performs a reset. Please check if other processes on the
> machine are accessing the card at the same time.
>
> SCARD_W_RESET_CARD 0x80100068 The smart card was reset.

Hi Andreas,

Thanks for the input. That should indeed be the problem; I tried with a
Linux VM capturing the USB reader and compiled the same code from source
and it worked.

However, back to my Windows box: I tried rebooting my machine, killing
all other processes and unnecessary services, restarting the smart card
service, even reinstalling opensc, and I'm still getting the same error.
I used Process Explorer and killed almost my whole system and I checked
that there are no other processes that have loaded "winscard.dll"
besides sc-hsm-tool. Is still fails with the same error.

Note that in this same Windows box I can use sc-hsm-tool and the other
OpenSC commands and reinitialize the card, generate keys, perform crypto
operations, etc. Only the aforementioned command fails. Maybe it's
requiring a different kind of access? (I'll need to check the source.)

I wonder if anybody else can run the command in a Windows (8.1) box?

// Leonardo.

>
> Andreas
>
>
> On 04/14/2014 12:42 PM, Leonardo Brondani Schenkel wrote:
>> Hi all,
>>
>> I'm trying out a SmartCard-HSM 1.2 with OpenSC 0.13.0g20140316163538 on
>> 64-bit Windows 8.1 (both 64- and 32-bit versions of OpenSC are installed).
>>
>> I was testing the backup/restore functionality with one DKEK share but
>> the following command:
>>
>> sc-hsm-tool --create-dkek-share test.dkek --password password
>>
>> results in:
>>
>> Using reader with a card: Feitian SCR301 0
>> Enciphering DKEK share, please wait... [pauses for a few seconds here]
>> Error generating random number failed with Transmit failed
>>
>> I have attached a trace of running the command with OPENSC_DEBUG=3.
>> I tried a different card readers and I'm getting the same result.
>>
>> Any clues?
>>
>> // Leonardo.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>>
>>
>>
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
>

Martin Paljak-4

Re: sc-hsm-tool --create-dkek-share fails with message "Error generating random number failed with Transmit failed"

In reply to this post by Andreas Schwier (ML)

On 14/04/14 11:57 , Andreas Schwier wrote:
> this error occurs if more than one process is accessing the card
> and the other process performs a reset. Please check if other
> processes on the machine are accessing the card at the same time.

If it is a multi-step operation, shouldn't it happen inside a
transaction, with the card locked?

If not I'd take this as a bug/enhancement notice.

--
Martin
+372 515 6495

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel