Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

shp...@gm... wrote on 11/01/2006 10:08:06 AM:

> Hi Burak,

> Are you using trousers 0.2.8?  It looks like we haven't done an
> opencryptoki release since that release of trousers, which may be
> breaking things here.  The compatibility code is in opencryptoki CVS,=

> please try that out and see if it fixes this problem (if you're on
> trousers 0.2.8).

> Kent

In addition to what Kent has suggested, once the token has been
initialized (even though you received a segfault during
tpmtoken_init), the "87654321" PIN is no longer valid. You will
need to use the PIN/password that you entered when you executed
the tpmtoken_init command.  Alternatively (since you have no data
in the token yet), you can go to /var/lib/opencryptoki/tpm (or
/usr/local/var/lib/opencryptoki/tpm if you built and installed to
/usr/local) and remove the directory that has your username (this
assumes that you have root access of course).

Thanks,
Tom

> On 11/1/06, Burak O=D0UZ <bur...@ya...> wrote:
> >
> > I have problems using cryptoki using with TPM. My TPM is working fi=
ne I
am
> > sure about it.
> > I have applied the method mentioned in trousers faq. SRK is NULL.
> >
> > [root@dungeon opencryptoki]# tpmtoken_init
> > A new TPM security officer password is needed. The password must be=

between
> > 6 and 127 characters in length.
> > Enter new password:
> > Confirm password:
> > Segmentation fault
> > [root@dungeon opencryptoki]# tpmtoken_init
> > Warning: The TPM token has already been initialized. Reinitializing=
 the
TPM
> > token will cause all TPM token data to be lost.
> > Clear the TPM token data? [y/N]: y
> > Enter the TPM security officer password:
> > C_InitToken failed: 0x000000a0 (160)
> >
> > I have entered SO PIN as 87654321.
> >
> > [root@dungeon opencryptoki]# pkcsconf -P -c 0
> > Enter the SO PIN: ********
> > Enter the new SO PIN: ********
> > Re-enter the new SO PIN: ********
> > Error setting PIN: 0x6
> >
> > But Cryptoki has seen my TPM.
> > [root@dungeon opencryptoki]# pkcsconf -s -t
> > Token #0 Info:
> >         Label: IBM PKCS#11 TPM Token
> >         Manufacturer: IBM Corp.
> >         Model: TPM v1.1 Token
> >         Serial Number: 123
> >         Flags: 0x980445
> >
>
(RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHA=
NGED|SO_PIN_COUNT_LOW|SO_PIN_TO_BE_CHANGED)

> >         Sessions: -1/-1
> >         R/W Sessions: -1/-1
> >         PIN Length: 6-127
> >         Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> >         Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> >         Hardware Version: 1.0
> >         Firmware Version: 1.0
> >         Time: 05:52:06 PM
> > Token #1 Info:
> >         Label: IBM OS PKCS#11
> >         Manufacturer: IBM Corp.
> >         Model: IBM SoftTok
> >         Serial Number: 123
> >         Flags: 0x880045
> >
>
(RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_=
CHANGED)

> >         Sessions: -1/-1
> >         R/W Sessions: -1/-1
> >         PIN Length: 4-8
> >         Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> >         Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> >         Hardware Version: 1.0
> >         Firmware Version: 1.0
> >         Time: 05:52:06 PM
> > Slot #0 Info
> >         Description: Linux 2.6.18 Linux (TPM)
> >         Manufacturer: Linux 2.6.18
> >         Flags: 0x5 (TOKEN_PRESENT|HW_SLOT)
> >         Hardware Version: 0.0
> >         Firmware Version: 1.1
> > Slot #1 Info
> >         Description: Linux 2.6.18 Linux (Soft)
> >         Manufacturer: Linux 2.6.18
> >         Flags: 0x1 (TOKEN_PRESENT)
> >         Hardware Version: 0.0
> >         Firmware Version: 1.1
> >
> > Do you have any idea what is going on? What should I do?
> >
> > Thanx in advance.
> >  -- burak()
> > (ps: bf)
> > METU CENG '06
> >
> >
> >
> >
-----------------------------------------------------------------------=
--
> > Using Tomcat but need to do more? Need to support web services,
security?
> > Get stuff done quickly with pre-integrated technology to make your =
job
> > easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
> >
http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=
=3D121642
> >
> > _______________________________________________
> > opencryptoki-users mailing list
> > ope...@li...
> > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
> >
> >
> >

>
> --
> Kent Yoder
> IBM LTC Security Dev.

> ---------------------------------------------------------------------=
----
> Using Tomcat but need to do more? Need to support web services, secur=
ity?
> Get stuff done quickly with pre-integrated technology to make your jo=
b
easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&d=
at=3D121642
> _______________________________________________
> opencryptoki-users mailing list
> ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users=