Package: opensc Version: 0.11.4-5 I'm unable to change the label of any item on a hardware token with pkcs15-init. The error reported is "Security status not satisfied".
I'm working with a CryptoFlex E-Gate 32K USB token on an i386
platform, using openct 0.6.14-3 as the middleware framework.
The device has a Security Officer PIN and PUK set, and a single
"regular user" PIN and PUK. There is one 2048-bit RSA private key on
the device (generated by the hardware), the corresponding public key
element, an X.509 certificate of a separate CA (marked "Authority")
and an X.509 certificate (not marked "Authority") corresponding to the
device's private key, and issued by the associated CA.
I'm unable to change the labels of any of the elements on the device,
since it always says "security status not satisfied". Based on a
mailing list search [0], i've tested this with lock_login set to both
true and false in /etc/opensc/opensc.conf, and it fails both ways.
Below is a -vv transcript of an attempt to change the label of the
pubkey. If i can provide any extra debugging assistance (i've
actually got a spare device i can experiment on), please don't
hesistate to ask.
What should i try next?
Regards,
--dkg
[0] http://article.gmane.org/gmane.comp.encryption.opensc.user/1161
[0 [EMAIL PROTECTED] cryptotokens]$ pkcs15-init -A pubkey --id 45 --label
'Monkey Man' --verbose --verbose
[pkcs15-init] sc.c:196:sc_detect_card_presence: called
[pkcs15-init] reader-openct.c:204:openct_reader_detect_card_presence: called
[pkcs15-init] sc.c:201:sc_detect_card_presence: returning with: 1
Connecting to card in reader Schlumberger E-Gate...
[pkcs15-init] card.c:110:sc_connect_card: called
[pkcs15-init] reader-openct.c:228:openct_reader_connect: called
[pkcs15-init] card.c:221:sc_connect_card: card info: Cryptoflex 32K e-gate,
2002, 0x1
[pkcs15-init] card.c:222:sc_connect_card: returning with: 0
Using card driver Schlumberger Multiflex/Cryptoflex.
[pkcs15-init] reader-openct.c:420:openct_reader_lock: called
[pkcs15-init] card.c:675:sc_card_ctl: card_ctl(4) not supported
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15.c:706:sc_pkcs15_bind: called
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f002f00
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f005015
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050155031
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15.c:623:sc_pkcs15_bind_internal: The following DFs were
found:
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 8, path
3f0050154401, index 0, count -1
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 0, path
3f0050154402, index 0, count -1
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 1, path
3f0050154403, index 0, count -1
[pkcs15-init] pkcs15.c:633:sc_pkcs15_bind_internal: DF type 4, path
3f0050154404, index 0, count -1
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050155032
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
Found OpenSC Card
About to change attribute(s).
[pkcs15-init] pkcs15.c:1599:sc_pkcs15_read_file: called, path=3f0050154403,
index=0, count=-1
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154403
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3386:sc_pkcs15init_update_file: called,
path=3f0050154403, 55 bytes
[pkcs15-init] card.c:532:sc_select_file: called; type=2, path=3f0050154403
[pkcs15-init] card.c:554:sc_select_file: returning with: 0
[pkcs15-init] pkcs15-lib.c:3261:sc_pkcs15init_authenticate: path=3f0050154403,
op=1
[pkcs15-init] iso7816.c:99:iso7816_check_sw: Security status not satisfied
[pkcs15-init] iso7816.c:290:iso7816_update_binary: Card returned error:
Security status not satisfied
[pkcs15-init] card.c:514:sc_update_binary: returning with: Security status not
satisfied
[pkcs15-init] card.c:499:sc_update_binary: sc_update_binary() failed: Security
status not satisfied
Failed to change attribute(s): Security status not satisfied
[pkcs15-init] pkcs15.c:781:sc_pkcs15_unbind: called
[pkcs15-init] reader-openct.c:445:openct_reader_unlock: called
[pkcs15-init] card.c:236:sc_disconnect_card: called
[pkcs15-init] reader-openct.c:275:openct_reader_disconnect: called
[pkcs15-init] card.c:251:sc_disconnect_card: returning with: 0
[pkcs15-init] ctx.c:738:sc_release_context: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:178:openct_reader_release: called
[pkcs15-init] reader-openct.c:164:openct_reader_finish: called
[1 [EMAIL PROTECTED] cryptotokens]$
pgp3oD3jrxoUN.pgp
Description: PGP signature
