Re: [opencryptoki-users] OpenCryptoki error
Brought to you by:
ebarretto
From: Steven B. <sb...@au...> - 2007-12-05 16:58:44
|
So i see you are using zLinux. This means that all crypto devices are accessed through a single ICA device. You are not going to get any secure key operations from the CryptoExpress2 feature. Second, you use PKCSCONF to set the PINS etc.. it says locked because you need to chagne the SO pin from the default. Step 1.. Use pkcsconf to initialize the token Step 2.. Change the SO Pin Step 3.. set the initial user pin Step 4.. change the user pin from the one set by the SO These steps need to be done with pkcsconf EACH All you have done with pkcsconf is list the token information in slot 0 What platform are you doing this on? Moses, Brett B wrote: > Hi, thanks for your reply. When I try to set the PKCS11_USER_PIN and the > SO_PIN I get the following error: > > zlnx03:/usr/sbin # ./pkcsconf -t -c 0 > Token #0 Info: > Label: PKCS11 > Manufacturer: IBM Corp. > Model: IBM ICA > Serial Number: 123 > Flags: 0xC80445 > (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED|USER_PIN_TO_BE_CHAN > GED|SO_PIN_LOCKED|SO_PIN_TO_BE_CHANGED) > Sessions: -1/-1 > R/W Sessions: -1/-1 > PIN Length: 4-8 > Public Memory: 0xFFFFFFFF/0xFFFFFFFF > Private Memory: 0xFFFFFFFF/0xFFFFFFFF > Hardware Version: 1.0 > Firmware Version: 1.0 > Time: 09:21:26 AM > > zlnx03:/home/opencrypto/opencryptoki-2.2.4.1/testcases/test_crypto # > ./test_crypto > ERROR call to C_Login failed, rc = 0x102 > zlnx03:/home/opencrypto/opencryptoki-2.2.4.1/testcases/test_crypto # > > zlnx03:/home/opencrypto/opencryptoki-2.2.4.1/testcases/rsa_keygen # > ./rsa_keygen > Using slot #0... > > do_GenerateRSAKey... > C_Login #1 returned: 258 (0x102) CKR_USER_PIN_NOT_INITIALIZED > do_GenerateRSAKeyPair(512) returned: 258 (0x102) > CKR_USER_PIN_NOT_INITIALIZED > zlnx03:/home/opencrypto/opencryptoki-2.2.4.1/testcases/rsa_keygen # > > > I would like to know how I can reset the status of the SO_PIN and > USER_PIN back to the default. Above it states that the SO_PIN_LOCKED. > > Thanks > > -----Original Message----- > From: Steven Bade [mailto:sb...@au...] > Sent: 04 December 2007 04:29 PM > To: Moses, Brett B > Cc: ope...@li... > Subject: Re: [opencryptoki-users] OpenCryptoki error > > So the message is very clear. The test cases require that the User PIN > be put in an environment variable. > > However, we don't support the 4764 card with opencryptoki. You probably > only have the soft token loaded. There are 2 IBM cards supported with > OC, both are end of life.. > First is the IBM Cryptographic Accelerator, Feature Code 4960 on System > P > Second is the 4758, which went by many feature codes. However the > labeling on the device in all cases says 4758. > > If I remember Correct 4764 is the FOLLOW ON to the 4758 and as far as I > know no one has done any interfacing to this with opencryptoki > Moses, Brett B wrote: >> Hi, I am currently trying to setup opencryptoki PKCS11 library to >> interface with a IBM 4764 card. I am getting the following error when >> trying to run the test cases: >> >> >> >> zlnx03:/home/opencrypto/opencryptoki-2.2.4.1/testcases/test_crypto # >> ./test_crypto >> >> The environment variable PKCS11_USER_PIN must be set before this >> testcase is run. >> >> ERROR call to test_crytpo failed. >> >> >> >> Can you please assist with this small problem. >> >> >> >> Kind regards >> >> >> >> *Brett Moses* >> >> >> >> IT Security >> >> 3rd Floor, Entrance 2, Pillar Blue 2 >> >> Standard Bank of South Africa Limited >> >> 5 Simmonds Street >> >> Johannesburg >> >> 2001 >> >> Tel: +27 11 636 5623 >> >> Fax: +27 11 636 7989 >> >> Email: Bre...@st... >> >> >> >> >> >> > ________________________________________________________________________ > __________________________________________________________ >> *Standard Bank Disclaimer and Confidentiality Note* >> >> This e-mail, its attachments and any rights attaching hereto are, > unless >> the context clearly indicates otherwise, the property of Standard Bank >> Group Limited and/or its subsidiaries ("the Group"). It is > confidential, >> private and intended for the addressee only. >> >> Should you not be the addressee and receive this e-mail by mistake, >> kindly notify the sender, and delete this e-mail, immediately and do > not >> disclose or use same in any manner whatsoever. Views and opinions >> expressed in this e-mail are those of the sender unless clearly stated >> as those of the Group. The Group accepts no liability whatsoever for > any >> loss or damages whatsoever and howsoever incurred, or suffered, >> resulting, or arising, from the use of this email or its attachments. >> >> The Group does not warrant the integrity of this e-mail nor that it is >> free of errors, viruses, interception or interference. Licensed >> divisions of the Standard Bank Group are authorised financial services >> providers in terms of the Financial Advisory and Intermediary Services >> Act, No 37 of 2002 (FAIS). >> >> For information about the Standard Bank Group Limited visit our > website >> http://www.standardbank.co.za >> >> > ________________________________________________________________________ > __________________________________________________________ >> >> > ------------------------------------------------------------------------ >> > ------------------------------------------------------------------------ > - >> SF.Net email is sponsored by: The Future of Linux Business White Paper >> from Novell. From the desktop to the data center, Linux is going >> mainstream. Let it simplify your IT future. >> http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 >> >> >> > ------------------------------------------------------------------------ >> _______________________________________________ >> opencryptoki-users mailing list >> ope...@li... >> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users > > __________________________________________________________________________________________________________________________________ > > Standard Bank Disclaimer and Confidentiality Note > > This e-mail, its attachments and any rights attaching hereto are, unless the context clearly indicates otherwise, the property of Standard Bank Group Limited > and/or its subsidiaries ("the Group"). It is confidential, private and intended for the addressee only. Should you not be the addressee and receive this e-mail by > mistake, kindly notify the sender, and delete this e-mail, immediately and do not disclose or use same in any manner whatsoever. Views and opinions > expressed in this e-mail are those of the sender unless clearly stated as those of the Group. The Group accepts no liability whatsoever for any loss or > damages whatsoever and howsoever incurred, or suffered, resulting, or arising, from the use of this email or its attachments. The Group does not warrant the integrity > of this e-mail nor that it is free of errors, viruses, interception or interference. Licensed divisions of the Standard Bank Group are authorised financial services providers > in terms of the Financial Advisory and Intermediary Services Act, No 37 of 2002 (FAIS). > For information about the Standard Bank Group Limited visit our website http://www.standardbank.co.za > ___________________________________________________________________________________________________________________________________ > > ------------------------------------------------------------------------- > SF.Net email is sponsored by: The Future of Linux Business White Paper > from Novell. From the desktop to the data center, Linux is going > mainstream. Let it simplify your IT future. > http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 > _______________________________________________ > opencryptoki-users mailing list > ope...@li... > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users |