Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems
Brought to you by:
ebarretto
Menu
▾
▴
Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems
|
From: Daniel H J. <dan...@us...> - 2006-11-02 14:52:14
|
Hi Burak,
The new build process only creates the software token by default. To build =
a TPM token you must
explicitly use the --enable-tpmtok configure option.=20
Thanks,
Dan Jones
IBM Linux Technology Center, Security
512-838-1794 (T/L 678-1794)
dan...@us...
Burak O=D0UZ <bur...@ya...>=20
Sent by: ope...@li...
11/02/2006 01:58 AM
To
Burak O=D0UZ <bur...@ya...>, Tom Lendacky/Austin/IBM@IBMUS, Kent=20
Yoder <shp...@gm...>
cc
ope...@li...,=20
ope...@li...
Subject
Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems
This time it did not start the TPM token.
[root@dungeon opencryptoki]# pkcsconf -t
Token #0 Info:
Label: IBM OS PKCS#11
Manufacturer: IBM Corp.
Model: IBM SoftTok
Serial Number: 123
Flags: 0x880045=20
(RNG|LOGIN=5FREQUIRED|CLOCK=5FON=5FTOKEN|USER=5FPIN=5FTO=5FBE=5FCHANGED|SO=
=5FPIN=5FTO=5FBE=5FCHANGED)
Sessions: -1/-1
R/W Sessions: -1/-1
PIN Length: 4-8
Public Memory: 0xFFFFFFFF/0xFFFFFFFF
Private Memory: 0xFFFFFFFF/0xFFFFFFFF
Hardware Version: 1.0
Firmware Version: 1.0
Time: 09:53:25 AM
=20
-- burak()
(ps: bf)
METU CENG '06
----- Original Message ----
From: Burak O=D0UZ <bur...@ya...>
To: Tom Lendacky <to...@us...>; Kent Yoder <shp...@gm...>
Cc: ope...@li...;=20
ope...@li...
Sent: Thursday, November 2, 2006 9:32:33 AM
Subject: Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems
Yes I am working on trousers 0.2.8. I will check the code on the CVS.=20
I have deleted the root directory which is in the=20
/usr/local/var/lib/opencryptoki/tpm several times and each time=20
I have experienced the same problems each time.=20
I will report again after trying the cvs code.
Thanx...
=20
-- burak()
(ps: bf)
METU CENG '06
----- Original Message ----
From: Tom Lendacky <to...@us...>
To: Kent Yoder <shp...@gm...>
Cc: BurakO=D0UZ <bur...@ya...>;=20
ope...@li...;=20
ope...@li...
Sent: Wednesday, November 1, 2006 7:47:54 PM
Subject: Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems
shp...@gm... wrote on 11/01/2006 10:08:06 AM:
> Hi Burak,
> Are you using trousers 0.2.8? It looks like we haven't done an
> opencryptoki release since that release of trousers, which may be
> breaking things here. The compatibility code is in opencryptoki CVS,
> please try that out and see if it fixes this problem (if you're on
> trousers 0.2.8).
> Kent
In addition to what Kent has suggested, once the token has been
initialized (even though you received a segfault during
tpmtoken=5Finit), the "87654321" PIN is no longer valid. You will
need to use the PIN/password that you entered when you executed
the tpmtoken=5Finit command. Alternatively (since you have no data
in the token yet), you can go to /var/lib/opencryptoki/tpm (or
/usr/local/var/lib/opencryptoki/tpm if you built and installed to
/usr/local) and remove the directory that has your username (this
assumes that you have root access of course).
Thanks,
Tom
> On 11/1/06, Burak O=D0UZ <bur...@ya...> wrote:
> >
> > I have problems using cryptoki using with TPM. My TPM is working fine=20
I
am
> > sure about it.
> > I have applied the method mentioned in trousers faq. SRK is NULL.
> >
> > [root@dungeon opencryptoki]# tpmtoken=5Finit
> > A new TPM security officer password is needed. The password must be
between
> > 6 and 127 characters in length.
> > Enter new password:
> > Confirm password:
> > Segmentation fault
> > [root@dungeon opencryptoki]# tpmtoken=5Finit
> > Warning: The TPM token has already been initialized. Reinitializing=20
the
TPM
> > token will cause all TPM token data to be lost.
> > Clear the TPM token data? [y/N]: y
> > Enter the TPM security officer password:
> > C=5FInitToken failed: 0x000000a0 (160)
> >
> > I have entered SO PIN as 87654321.
> >
> > [root@dungeon opencryptoki]# pkcsconf -P -c 0
> > Enter the SO PIN: ********
> > Enter the new SO PIN: ********
> > Re-enter the new SO PIN: ********
> > Error setting PIN: 0x6
> >
> > But Cryptoki has seen my TPM.
> > [root@dungeon opencryptoki]# pkcsconf -s -t
> > Token #0 Info:
> > Label: IBM PKCS#11 TPM Token
> > Manufacturer: IBM Corp.
> > Model: TPM v1.1 Token
> > Serial Number: 123
> > Flags: 0x980445
> >
>
(RNG|LOGIN=5FREQUIRED|CLOCK=5FON=5FTOKEN|TOKEN=5FINITIALIZED|USER=5FPIN=5FT=
O=5FBE=5FCHANGED|SO=5FPIN=5FCOUNT=5FLOW|SO=5FPIN=5FTO=5FBE=5FCHANGED)
> > Sessions: -1/-1
> > R/W Sessions: -1/-1
> > PIN Length: 6-127
> > Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Hardware Version: 1.0
> > Firmware Version: 1.0
> > Time: 05:52:06 PM
> > Token #1 Info:
> > Label: IBM OS PKCS#11
> > Manufacturer: IBM Corp.
> > Model: IBM SoftTok
> > Serial Number: 123
> > Flags: 0x880045
> >
>
(RNG|LOGIN=5FREQUIRED|CLOCK=5FON=5FTOKEN|USER=5FPIN=5FTO=5FBE=5FCHANGED|SO=
=5FPIN=5FTO=5FBE=5FCHANGED)
> > Sessions: -1/-1
> > R/W Sessions: -1/-1
> > PIN Length: 4-8
> > Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> > Hardware Version: 1.0
> > Firmware Version: 1.0
> > Time: 05:52:06 PM
> > Slot #0 Info
> > Description: Linux 2.6.18 Linux (TPM)
> > Manufacturer: Linux 2.6.18
> > Flags: 0x5 (TOKEN=5FPRESENT|HW=5FSLOT)
> > Hardware Version: 0.0
> > Firmware Version: 1.1
> > Slot #1 Info
> > Description: Linux 2.6.18 Linux (Soft)
> > Manufacturer: Linux 2.6.18
> > Flags: 0x1 (TOKEN=5FPRESENT)
> > Hardware Version: 0.0
> > Firmware Version: 1.1
> >
> > Do you have any idea what is going on? What should I do?
> >
> > Thanx in advance.
> > -- burak()
> > (ps: bf)
> > METU CENG '06
> >
> >
> >
> >
-------------------------------------------------------------------------
> > Using Tomcat but need to do more? Need to support web services,
security?
> > Get stuff done quickly with pre-integrated technology to make your job
> > easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
> >
http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D1=
21642
> >
> > =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> > opencryptoki-users mailing list
> > ope...@li...
> > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
> >
> >
> >
>
> --
> Kent Yoder
> IBM LTC Security Dev.
>=20
-------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services,=20
security?
> Get stuff done quickly with pre-integrated technology to make your job
easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=
=3D121642
> =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
> opencryptoki-users mailing list
> ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job=20
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D1=
21642
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
opencryptoki-users mailing list
ope...@li...
https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job=20
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D1=
21642
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
opencryptoki-users mailing list
ope...@li...
https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
|
