** Description changed: Binary package hint: opensc Hello, we are using OpenSC to authenticate our users and allow access to our Intranet. On Jaunty this worked fine but under Karmic it is e.g. not possible to sign data using our smartcards. Here the output of my testscript under Karmic: --8<---8<--- # dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic # dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten | Status=Nicht/Installiert/Config/U=Entpackt/Fehlgeschl. Konfiguration/ - Halb installiert/Trigger erWartet/Trigger anhängig + Halb installiert/Trigger erWartet/Trigger anhängig |/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht) ||/ Name Version Beschreibung +++-==================-==================-==================================================== ii libccid 1.3.10-1 PC/SC driver for USB CCID smart card readers ii libopensc2 0.11.8-1ubuntu1 SmartCard library with support for PKCS#15 compatibl ii libpcsclite1 1.5.3-1ubuntu1 Middleware to access a smart card using PC/SC (libra ii linux-image-generi 2.6.31.16.29 Generic Linux kernel image ii opensc 0.11.8-1ubuntu1 SmartCard utilities with support for PKCS#15 compati ii pcscd 1.5.3-1ubuntu1 Middleware to access a smart card using PC/SC (daemo # opensc-tool -l Readers known about: Nr. Driver Name 0 pcsc SCM SCR 335 (21120738300434) 00 00 # pkcs11-tool -l -t Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): - seeding (C_SeedRandom) not supported - seems to be OK + seeding (C_SeedRandom) not supported + seems to be OK Digests: - all 4 digest functions seem to work - MD5: OK - SHA-1: OK - RIPEMD160: OK + all 4 digest functions seem to work + MD5: OK + SHA-1: OK + RIPEMD160: OK Signatures (currently only RSA signatures) - testing key 0 (Private Key) + testing key 0 (Private Key) error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ----8<----8<----- The same script under Jaunty runs without errors: ----8<----8<----- # ./smartcard-test.sh # dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten | Status=Nicht/Installiert/Config/U=Entpackt/Fehlgeschl. Konfiguration/ - Halb installiert/Trigger erWartet/Trigger anhängig + Halb installiert/Trigger erWartet/Trigger anhängig |/ Fehler?=(kein)/Halten/R=Neuinst notw/X=beide (Status, Fehler: GROSS=schlecht) ||/ Name Version Beschreibung +++-==================-==================-==================================================== ii libccid 1.3.8-1 PC/SC driver for USB CCID smart card readers ii libopensc2 0.11.4-5ubuntu1 SmartCard library with support for PKCS#15 compatibl ii libpcsclite1 1.4.102-1ubuntu2 Middleware to access a smart card using PC/SC (libra ii linux-image-generi 2.6.28.17.22 Generic Linux kernel image ii opensc 0.11.4-5ubuntu1 SmartCard utilities with support for PKCS#15 compati ii pcscd 1.4.102-1ubuntu2 Middleware to access a smart card using PC/SC (daemo # opensc-tool -l Readers known about: Nr. Driver Name 0 pcsc SCM SCR 335 00 00 # pkcs11-tool -l -t Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): - not implemented + not implemented Digests: - all 4 digest functions seem to work - MD5: OK - SHA-1: OK - RIPEMD160: OK + all 4 digest functions seem to work + MD5: OK + SHA-1: OK + RIPEMD160: OK Signatures (currently only RSA signatures) - testing key 0 (Private Key) - all 4 signature functions seem to work - testing signature mechanisms: - RSA-PKCS: OK - SHA1-RSA-PKCS: OK - MD5-RSA-PKCS: OK - RIPEMD160-RSA-PKCS: OK + testing key 0 (Private Key) + all 4 signature functions seem to work + testing signature mechanisms: + RSA-PKCS: OK + SHA1-RSA-PKCS: OK + MD5-RSA-PKCS: OK + RIPEMD160-RSA-PKCS: OK Verify (currently only for RSA): - testing key 0 (Private Key) - RSA-PKCS: OK - SHA1-RSA-PKCS: OK - MD5-RSA-PKCS: OK - RIPEMD160-RSA-PKCS: OK + testing key 0 (Private Key) + RSA-PKCS: OK + SHA1-RSA-PKCS: OK + MD5-RSA-PKCS: OK + RIPEMD160-RSA-PKCS: OK Key unwrap (RSA) - testing key 0 (Private Key) - DES-CBC: OK - DES-EDE3-CBC: OK - BF-CBC: OK - CAST5-CFB: OK + testing key 0 (Private Key) + DES-CBC: OK + DES-EDE3-CBC: OK + BF-CBC: OK + CAST5-CFB: OK Decryption (RSA) - testing key 0 (Private Key) - RSA-PKCS: OK + testing key 0 (Private Key) + RSA-PKCS: OK Testing card detection Please press return to continue, x to exit: x Testing card detection using C_WaitForSlotEvent Please press return to continue, x to exit: x No errors ----8<----8<----- The debug output from opensc (debug-level 99) is attached. Kind regards, Dominik Fischer + + SRU JUSTIFICATION: breaks backwards-compatibility with any starcos + cards that were initialized using opensc from Ubuntu 9.04 or earlier. + + TEST CASE: + must be verified by someone in possession of the starcos hardware. + 1. initialize a starcos smartcard with opensc in jaunty. + 2. verify that 'sudo pkcs11-tool -l -t' works. + 2. upgrade to karmic. verify that 'sudo pkcs11-tool -l -t' now fails. + 3. install libopensc2 and opensc from karmic-proposed. + 4. verify that 'sudo pkcs11-tool -l -t' again works. + 5. downgrade to the karmic version of libopensc2 and opensc, and initialize a (new?) card. + 6. verify that 'sudo pkcs11-tool -l -t' works. + 7. install libopensc2 and opensc from karmic-proposed. + 8. verify that 'sudo pkcs11-tool -l -t' still works. + + REGRESSION POTENTIAL: + Although we can confirm that cards initialized with opensc << 0.11.5 aren't usable with karmic and therefore have zero chance of regression, it's OTOH possible (though unlikely) that this change will inadvertently break compatibility with starcos cards that users have already initialized with karmic and are using successfully. It does not seem likely that we will have other starcos smartcard users who can test this possibility for us, so we are dependent on Dominik to test against this potential regression for us if he's willing.
-- PKCS#11 signing does not work https://bugs.launchpad.net/bugs/495410 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
