OK, now I rebooted and have reproducible steps. I am using a Feitian PKI
ePass Token.

My steps:

1. Ubuntu 11.04 (oneiric)
pkcs15-init failed because of missing pkcs15.profile
Using reader with a card: Feitian SCR301 00 00
Couldn't bind to the card: File not found

2. Now I copy old profile files as root:
mkdir /usr/share/opensc
wget http://archive.ubuntu.com/ubuntu/pool/universe/o/opensc/opensc_0.11.13.orig.tar.gz
tar -xzf opensc_0.11.13.orig.tar.gz
cp opensc-0.11.13/src/pkcs15init/*profile /usr/share/opensc/
rm -Rf opensc-0.11.13 opensc_0.11.13.orig.tar.gz

3. Now I can erase the card:
$ pkcs15-init -E
Using reader with a card: Feitian SCR301 00 00
$ pkcs15-tool -D
Using reader with a card: Feitian SCR301 00 00
PKCS#15 Card [(null)]:
        Version        : 0
        Serial number  : 3047475113131210
        Manufacturer ID: entersafe
        Flags          : 

4. Now I initialize the card with my p12 file (still on 11.10)
$ pkcs15-init -E
$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key
$ pkcs15-init --store-private-key my.p12  --format pkcs12 --auth-id 01
Importing 2 certificates:
  0: /C=DE/ST=Germany/...
  1: /C=DE/ST=Germany/...
 
I can dump the content with pkcs15-tool -D
Everything *seems* to be fine. But some operations are very slow...

5. Now I try to connect to my ssh server, it fails (still on 11.10)

$ ssh -I /usr/lib/opensc-pkcs11.so zentrale.kicktipp.de
C_GetTokenInfo failed: 224
Enter PIN for 'label (User PIN)': 
C_Login failed: 160
ssh_rsa_sign: RSA_sign failed: error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library
me@myhost's password:

6. Now I reboot into 11.04

ssh still fails with this token, which was initialized under 11.10

$ ssh -I /usr/lib/opensc-pkcs11.so myhost
[opensc-pkcs11] iso7816.c:99:iso7816_check_sw: File not found
[opensc-pkcs11] iso7816.c:462:iso7816_select_file: returning with: File not found
[opensc-pkcs11] card-entersafe.c:467:entersafe_select_fid: APDU transmit failed: File not found
[opensc-pkcs11] card.c:554:sc_select_file: returning with: File not found
[opensc-pkcs11] pkcs15-sec.c:56:select_key_file: sc_select_file() failed: File not found
[opensc-pkcs11] pkcs15-sec.c:260:sc_pkcs15_compute_signature: Unable to select private key file: File not found
C_Sign failed: 5

7. Reinit the token under 11.04 with the same p12 file and same commands as 4. above
looks fine (and it is!)

8. try ssh under 11.04 
$ ssh -I /usr/lib/opensc-pkcs11.so myhost
works now like a charm 

9. rebooting again to check this token under 11.10
(But token was initialized under 11.04)

ssh -I /usr/lib/opensc-pkcs11.so myhost
C_GetTokenInfo failed: 224
Enter PIN for 'label (User PIN)': 
Last login: Sun Nov 20 13:19:50 2011 from ...
$ 

So it still works but shows one error message.

It seems to me that packaging of opensc is completely broken. Please fix
it! If I can help you in any way, please let me know.

regards
janning

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/872019

Title:
  pkcs15 profiles not packaged, pkcs15-init not functional

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/872019/+subscriptions
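
Added example (not part of the original report, nor code from OpenSSH or OpenSC): a shell filter that turns the decimal values ssh prints as "C_<Function> failed: <n>" in steps 5, 6 and 9 into their PKCS#11 CKR_* names. The mapping is a subset of the return codes in the PKCS#11 header pkcs11t.h; the function names ckr_name and decode_ssh_pkcs11 and the sample input are constructed for this example.

```shell
#!/bin/sh
# Decode the decimal PKCS#11 return values that the ssh client prints as
# "C_<Function> failed: <n>" into CKR_* names (subset of pkcs11t.h).

# Map one decimal return value to its CKR_* constant name.
ckr_name() {
    case "$1" in
        0)   echo CKR_OK ;;
        5)   echo CKR_GENERAL_ERROR ;;
        6)   echo CKR_FUNCTION_FAILED ;;
        48)  echo CKR_DEVICE_ERROR ;;
        50)  echo CKR_DEVICE_REMOVED ;;
        160) echo CKR_PIN_INCORRECT ;;
        164) echo CKR_PIN_LOCKED ;;
        224) echo CKR_TOKEN_NOT_PRESENT ;;
        225) echo CKR_TOKEN_NOT_RECOGNIZED ;;
        257) echo CKR_USER_NOT_LOGGED_IN ;;
        *)   printf 'unknown (0x%X)\n' "$1" ;;
    esac
}

# Read ssh client output on stdin and print one decoded line per
# PKCS#11 failure; every other line (prompts, OpenSC debug) is ignored.
decode_ssh_pkcs11() {
    sed -n 's/^\(C_[A-Za-z]*\) failed: \([0-9][0-9]*\)[[:space:]]*$/\1 \2/p' |
    while read -r func code; do
        printf '%s -> %s (0x%02X)\n' "$func" "$(ckr_name "$code")" "$code"
    done
}

# Constructed sample input: lines taken from steps 5 and 6 of the report.
decode_ssh_pkcs11 <<'EOF'
C_GetTokenInfo failed: 224
Enter PIN for 'label (User PIN)':
C_Login failed: 160
[opensc-pkcs11] card.c:554:sc_select_file: returning with: File not found
C_Sign failed: 5
EOF
```

To decode a live session, pipe the client's stderr through the function, for example `ssh -I /usr/lib/opensc-pkcs11.so myhost 2>&1 | decode_ssh_pkcs11`.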
