Comments (4)
I think we would need the OpenSC debug log to see what is going on there with the token. The pkcs11 spy trace looks completely reasonable to the extent I can see just from the function names.
If it is just one user, it might be anything from lose wire or worn out memory in the token, but again, without opensc debug its hard to guess if it could be inside of opensc or the token itself. The epass tokens encrypt the pin so there is a possiblity that we do it somehow wrong, which causes random failures. But I did not see this issue with the tokens we have in CI over last couple of months:
https://gitlab.com/redhat-crypto/OpenSC/-/pipelines?page=1&scope=all&ref=epass2003
There were also many changes to the driver over the last years so OpenSC version information would be useful too.
from opensc.
The epass tokens encrypt the pin so there is a possiblity that we do it somehow wrong, which causes random failures.
As far as epass2003 is concerned, I don't think we have a problem here, the PIN entered by the user is hashed and then authenticated using external auth. External auth in this case uses hashed PIN as a key to encrypt the challenge from the card.
Without a more precise log, it is not possible to analyze why C_Login fails.
from opensc.
Alright, thanks for the feedback thus far. I'll see if I can have the user get some more detailed logs.
from opensc.
This may be related to #2843 To help identify your ePass2003 type can you run:
opensc-tool --card-driver default -a --send-apdu 00:CA:01:86:00
from opensc.
Related Issues (20)
- Support D-Trust Card 5.1 (Std. RSA CardOS6.0) with CAN HOT 20
- Compilation error HOT 3
- SmartCard-HSM DKEK share error "error generating random number failed with transmit failed" HOT 1
- Chrome / Chromium crashes HOT 3
- crash in pcsc_transmit -> sc_apdu_log -> sc_hex_dump HOT 1
- Recursion too deep in piv_card_reader_lock_obtained HOT 12
- asymmetric key encryption in pkcs11 module does not work
- Use ccache to speed up CI builds
- Windows certificate caching in GIDS HOT 2
- OpenSC + Smartcard-HSM + secp521r1 + OpenSSH = signing failed for ECDSA "secp521r1": error in libcrypto HOT 12
- Unable to generate RSA key using piv-tool HOT 6
- OpenSC Minidriver with PIVApplet + ECC keys on Win11: error on slot 9c - public key does not match private key HOT 28
- MacOS S/MIME Outlook or Mail.app no certificates on Yubikey smartcard detected HOT 17
- OpenSC build for macOS M1 Pro HOT 10
- OpenSC 0.25.1 + SmartCard-HSM 3.6 + brainpoolP256t1 = `point is not on curve` HOT 3
- RSA padding in release 0.25.1 HOT 3
- French eID - reading HOT 1
- OpenSC Minidriver Does Not Display the Second Key Container of JPKI Card When certutil -scinfo Is Executed HOT 30
- Closing orphaned open sessions HOT 2
- Extend the tests with PivApplet to use piv-tool instead of yubico-piv-tool
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensc.