Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems
From: <bur...@ya...> - 2006-11-03 07:32:24
After configuring with --enable-tpmtok, it started to see the soft token as token #1. It still did not start the tpm token. I mean token #0 is unoccupied. Should I roll back to the trousers 0.2.7 in order to use opencryptoki?

-- burak()
(ps: bf)
METU CENG '06

----- Original Message ----
From: Daniel H Jones <dan...@us...>
To: BurakOĞUZ <burakog...@ya...>
Cc: BurakOĞUZ <bur...@ya...>; opencryptoki-users...@li...; ope...@li...; Kent Yoder <shp...@gm...>; Tom Lendacky <to...@us...>
Sent: Thursday, November 2, 2006 4:51:54 PM
Subject: Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems

Hi Burak,

The new build process only creates the software token by default. To build a TPM token you must explicitly use the --enable-tpmtok configure option.

Thanks,
Dan Jones
IBM Linux Technology Center, Security
512-838-1794 (T/L 678-1794)
d...@us...

Burak OĞUZ <bur...@ya...>
Sent by: opencryptoki-users-bounces...@li...
11/02/2006 01:58 AM

To: Burak OĞUZ <bur...@ya...>, Tom Lendacky/Austin/IBM@IBMUS, Kent Yoder <shp...@gm...>
cc: o...@li...urceforge.net, o...@li...
Subject: Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems

This time it did not start the TPM token.

[root@dungeon opencryptoki]# pkcsconf -t
Token #0 Info:
    Label: IBM OS PKCS#11
    Manufacturer: IBM Corp.
    Model: IBM SoftTok
    Serial Number: 123
    Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
    Sessions: -1/-1
    R/W Sessions: -1/-1
    PIN Length: 4-8
    Public Memory: 0xFFFFFFFF/0xFFFFFFFF
    Private Memory: 0xFFFFFFFF/0xFFFFFFFF
    Hardware Version: 1.0
    Firmware Version: 1.0
    Time: 09:53:25 AM

-- burak()
(ps: bf)
METU CENG '06

----- Original Message ----
From: Burak OĞUZ <bura...@ya...>
To: Tom Lendacky <to...@us...>; Kent Yoder <shpe...@gm...>
Cc: ope...@li...; opencr...@li...
Sent: Thursday, November 2, 2006 9:32:33 AM
Subject: Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems

Yes I am working on trousers 0.2.8. I will check the code on the CVS.
I have deleted the root directory which is in the /usr/local/var/lib/opencryptoki/tpm several times and each time I have experienced the same problems each time.

I will report again after trying the cvs code.

Thanx...

-- burak()
(ps: bf)
METU CENG '06

----- Original Message ----
From: Tom Lendacky <to...@us...>
To: Kent Yoder <shpedoikal@gmail.com>
Cc: BurakOĞUZ <bur...@ya...>; opencryptoki-users@lists.sourceforge.net; o...@li...
Sent: Wednesday, November 1, 2006 7:47:54 PM
Subject: Re: [opencryptoki-users] OpenCryptoki 2.2.4 Problems

s...@gm... wrote on 11/01/2006 10:08:06 AM:

> Hi Burak,
>
> Are you using trousers 0.2.8? It looks like we haven't done an
> opencryptoki release since that release of trousers, which may be
> breaking things here. The compatibility code is in opencryptoki CVS,
> please try that out and see if it fixes this problem (if you're on
> trousers 0.2.8).
>
> Kent

In addition to what Kent has suggested, once the token has been
initialized (even though you received a segfault during
tpmtoken_init), the "87654321" PIN is no longer valid. You will
need to use the PIN/password that you entered when you executed
the tpmtoken_init command. Alternatively (since you have no data
in the token yet), you can go to /var/lib/opencryptoki/tpm (or
/usr/local/var/lib/opencryptoki/tpm if you built and installed to
/usr/local) and remove the directory that has your username (this
assumes that you have root access of course).

Thanks,
Tom

> On 11/1/06, Burak OĞUZ <bur...@ya...> wrote:
> >
> > I have problems using cryptoki using with TPM. My TPM is working fine I am
> > sure about it.
> > I have applied the method mentioned in trousers faq. SRK is NULL.
> >
> > [root@dungeon opencryptoki]# tpmtoken_init
> > A new TPM security officer password is needed. The password must be between
> > 6 and 127 characters in length.
> > Enter new password:
> > Confirm password:
> > Segmentation fault
> > [root@dungeon opencryptoki]# tpmtoken_init
> > Warning: The TPM token has already been initialized. Reinitializing the TPM
> > token will cause all TPM token data to be lost.
> > Clear the TPM token data? [y/N]: y
> > Enter the TPM security officer password:
> > C_InitToken failed: 0x000000a0 (160)
> >
> > I have entered SO PIN as 87654321.
> >
> > [root@dungeon opencryptoki]# pkcsconf -P -c 0
> > Enter the SO PIN: ********
> > Enter the new SO PIN: ********
> > Re-enter the new SO PIN: ********
> > Error setting PIN: 0x6
> >
> > But Cryptoki has seen my TPM.
> > [root@dungeon opencryptoki]# pkcsconf -s -t
> > Token #0 Info:
> >     Label: IBM PKCS#11 TPM Token
> >     Manufacturer: IBM Corp.
> >     Model: TPM v1.1 Token
> >     Serial Number: 123
> >     Flags: 0x980445 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHANGED|SO_PIN_COUNT_LOW|SO_PIN_TO_BE_CHANGED)
> >     Sessions: -1/-1
> >     R/W Sessions: -1/-1
> >     PIN Length: 6-127
> >     Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> >     Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> >     Hardware Version: 1.0
> >     Firmware Version: 1.0
> >     Time: 05:52:06 PM
> > Token #1 Info:
> >     Label: IBM OS PKCS#11
> >     Manufacturer: IBM Corp.
> >     Model: IBM SoftTok
> >     Serial Number: 123
> >     Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED)
> >     Sessions: -1/-1
> >     R/W Sessions: -1/-1
> >     PIN Length: 4-8
> >     Public Memory: 0xFFFFFFFF/0xFFFFFFFF
> >     Private Memory: 0xFFFFFFFF/0xFFFFFFFF
> >     Hardware Version: 1.0
> >     Firmware Version: 1.0
> >     Time: 05:52:06 PM
> > Slot #0 Info
> >     Description: Linux 2.6.18 Linux (TPM)
> >     Manufacturer: Linux 2.6.18
> >     Flags: 0x5 (TOKEN_PRESENT|HW_SLOT)
> >     Hardware Version: 0.0
> >     Firmware Version: 1.1
> > Slot #1 Info
> >     Description: Linux 2.6.18 Linux (Soft)
> >     Manufacturer: Linux 2.6.18
> >     Flags: 0x1 (TOKEN_PRESENT)
> >     Hardware Version: 0.0
> >     Firmware Version: 1.1
> >
> > Do you have any idea what is going on? What should I do?
> >
> > Thanx in advance.
> > -- burak()
> > (ps: bf)
> > METU CENG '06
> >
> > -------------------------------------------------------------------------
> > Using Tomcat but need to do more? Need to support web services, security?
> > Get stuff done quickly with pre-integrated technology to make your job
> > easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> > _______________________________________________
> > opencryptoki-users mailing list
> > ope...@li...
> > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
>
> --
> Kent Yoder
> IBM LTC Security Dev.
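
Added example, not part of the original thread or of openCryptoki: a small Python parser for the `pkcsconf -t` output quoted above that decodes each token's flags word and names the two return codes in the thread. The `CKF_*`/`CKR_*` values are from the PKCS#11 specification; `SAMPLE` is abridged from the thread's output, and the function names are hypothetical.

```python
import re

# CKF_* token flag bits (PKCS#11): those in the thread plus SO PIN lock-out bits.
CKF = {
    0x000001: "RNG", 0x000004: "LOGIN_REQUIRED", 0x000040: "CLOCK_ON_TOKEN",
    0x000400: "TOKEN_INITIALIZED", 0x080000: "USER_PIN_TO_BE_CHANGED",
    0x100000: "SO_PIN_COUNT_LOW", 0x200000: "SO_PIN_FINAL_TRY",
    0x400000: "SO_PIN_LOCKED", 0x800000: "SO_PIN_TO_BE_CHANGED",
}
# CKR_* names for the two return codes quoted in the thread.
CKR = {0x06: "CKR_FUNCTION_FAILED", 0xA0: "CKR_PIN_INCORRECT"}

# Abridged from the `pkcsconf -s -t` output quoted in the thread.
SAMPLE = """\
Token #0 Info:
    Label: IBM PKCS#11 TPM Token
    Flags: 0x980445
Token #1 Info:
    Label: IBM OS PKCS#11
    Flags: 0x880045
"""

def decode_flags(value):
    """Names of the known CKF_* bits set in a token flags word."""
    return [name for bit, name in sorted(CKF.items()) if value & bit]

def parse_tokens(text):
    """Parse pkcsconf token listings into {token number: {field: value}}."""
    tokens, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*Token #(\d+) Info:", line)
        if header:
            current = tokens.setdefault(int(header.group(1)), {})
        elif current is not None and ":" in line:
            key, _, val = line.partition(":")
            current[key.strip()] = val.strip()
    return tokens

def audit(text):
    """Per token: label, initialised state, and any SO PIN warning flags."""
    report = {}
    for num, info in parse_tokens(text).items():
        flags = decode_flags(int(info["Flags"].split()[0], 16))
        report[num] = (info["Label"], "TOKEN_INITIALIZED" in flags,
                       [f for f in flags if f.startswith("SO_PIN")])
    return report

if __name__ == "__main__":
    print(audit(SAMPLE), CKR[0xA0], CKR[0x06])
```

`SO_PIN_COUNT_LOW` on the TPM token means an incorrect SO PIN has been entered since the last successful SO login, which matches the `0xa0` (`CKR_PIN_INCORRECT`) failure after the default PIN stopped being valid.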