Opensc No Slot With A Token Was Found
Over 4 years OpenSC PIV doesn't expose all available Yubikey 4 slots over 4 years Tokend 'forgets' the token (but pkcs11-tool still works with it OK) over 4 years pkcs11-tool writes non-BER-encoded certificates to the card.
- Jul 28, 2019 Manufacturer OpenSC Project Library OpenSC smartcard framework (ver 0.19) No slot with a token was found. After removing the USB key - this shows that pkcs11-tool is at least talking to the key here? $ pkcs11-tool -show-info Cryptoki version 2.20 Manufacturer OpenSC Project Library OpenSC smartcard framework (ver 0.19) No slots.
- When using multiple PINs and until the changes proposed by RedHat/Fedora are integrated in OpenSSH: Fedora 28: Better smart card support in OpenSSH One MUST use OpenSC’s onepin-opensc-pkcs11.so library to prevent the SSH agent from attempting to unlock all tokens/slots with the same PIN and eventually locking those tokens/slots that do not match.
- OpenSC - tools and libraries for smart cards Brought to you by: jyrjola, ludov, okir.
- After installation of above steps and your usb key will be accessible aif supported by opensc. Next is generation of public/private key pair & certificate on the token. You can create an application which access keys/certificate from the token and perform operation.
Opensc No Slot With A Token Was Found Dead
Linux version 3.7.10-1.16-desktop (***@buildhost) (gcc version 4.7.2 20130108 [gcc-4_7-branch revision 195012] (SUSE Linux) ) #1 SMP PREEMPT Fri May 31 20:21:23 UTC 2013 (97c14ba)
│ ├┬─SCx35xx v2.0 USB SC Reader │
│ │├──Bus: USB │
│ │├──Class (spec): │
│ │├──Class: Chipcard reader │
│ │├──Device Identifier: 218128 │
│ │├──Device: SCx35xx v2.0 USB SC Reader │
│ │├──Hwcfg Bus: usb │
│ │├──Model: SCM Microsystems SCx35xx v2.0 USB SC Reader │
│ │├──Old Unique Key: NLLf.qkb4Y46c0A0 ┬
│ │├──Parent Unique ID: zPk0.AJzOe6ShP50 │
│ │├+─Resources │
│ │├──Revision: 3.04 │
│ │├──Sysfs ID: /devices/pci0000:00/0000:00:13.2/usb4/4-1/4-1:1.0 │
│ │├──Sysfs ID: 4-1:1.0 │
│ │├──Unique Key: PYMB.hPVszvRlKk4 ┴
│ │├──Vendor Identifier: 197862 │
│ │├──Vendor: SCM Microsystems, Inc. │
│ │├──hotplug: usb │
│ │└──modalias: usb:v04E6p5410d0304dc00dsc00dp00ic0Bisc00ip00in00
Because it's USB I've compiled with openct (I also tried pcsc-lite).
$ opensc-tool -i
opensc 0.13.0 [gcc 4.7.2 20130108 [gcc-4_7-branch revision 195012]]
Enabled features: zlib openssl openct
$ opensc-tool --list-readers -vv
# Detected readers (openct)
Nr. Card Features Name
0x7f11036bc700 22:52:36.160 [opensc-tool] reader-openct.c:173:openct_reader_detect_card_presence: called
0 No OpenCT reader (detached)
0x7f11036bc700 22:52:36.161 [opensc-tool] reader-openct.c:173:openct_reader_detect_card_presence: called
1 No OpenCT reader (detached)
0x7f11036bc700 22:52:36.161 [opensc-tool] ctx.c:787:sc_release_context: called
0x7f11036bc700 22:52:36.161 [opensc-tool] reader-openct.c:153:openct_reader_release: called
0x7f11036bc700 22:52:36.161 [opensc-tool] reader-openct.c:153:openct_reader_release: called
0x7f11036bc700 22:52:36.161 [opensc-tool] reader-openct.c:140:openct_reader_finish: called
$ pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -L
Available slots:
Slot 0 (0xffffffffffffffff): Virtual hotplug slot
(empty)
Slot 1 (0x1): OpenCT reader (detached)
(empty)
Slot 2 (0x5): OpenCT reader (detached)
(empty)
$ pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -T
Available slots:
No slots.
What else should I look into? Is there a more suitable forum than this?
Thanks.
Show slot and token info: pkcs11-tool is a command line tool to test functions and perform operations of a PKCS#11 library in Linux. It always requires a local available working P11 module (.so in Linux or .DLL in Windows) and allows various cryptographic action. pkcs11tool is part of the OpenSC package.
PKCS#11 is a standard interface to create symmetric and asymmetric keys and perform cryptographic operations. It is mainly used to access smart card type of key media or Hardware Security Modules (HSM). Today the interface is implemented in many different applications to use hardware cryptography. PKCS#11 based on the PKCS#11 (Cryptoki) specifications. The complete specifications are available at oasis-open.org.
This post is part of #CryptoCorner my contribution to open source cryptography and secure hardware key storage to reduce risks from misunderstood and unsecure implemented key management.
You easily can view the version of a PKCS#11 library e.g the SoftHSM2 library. Replace the name and location of the .so library to your preferred PKCS#11 module:
To show a more detailed view on the slots and token use the options „-l -t“ that also starts functional test on some cryptographic methods. You need to enter the „User PIN“ of the slot to perform the tests.
These are the location of some common PKCS#11 libraries you can use:
What are these libraries?
libsofthsm2.so – The PKCS#11 library of SoftHSM2 a popular software defines key store. You need to install or compile SoftHSM2 to get this library.
libykcs11.so – The Yubico PKCS#11 library for all YubiKey token with smart card PIV functionallity. Install and compile Yubico yubico-piv-tool.
opensc-pkcs11.so – The popular OpenSC PKCS#11 library supporting many smart cards and PKI token. Install or compile opensc to use this software interface.