Menu
▾
▴
Re: [Opensc-devel] Pin entry doesn't work under Windows
|
From: twisteroid a. <twi...@gm...> - 2016-03-25 00:34:15
|
It was cmd.exe and 64 bit. Looks like you and Philip are both right. I also see the same errors in the log with enough -v flags. If I use an autohotkey script to enter the pins rapidly, then the PIN is changed successfully. On Mar 23, 2016 6:19 PM, "Douglas E Engert" <dee...@gm...> wrote: > In this with the powershell or cmd.exe? Are you using 32 or 64 bit version? > > I think it is a lock timeout. > I am seeing something similar on W10 64 bit. in both it fails. > > In powershell try this: > ./pkcs15-tool --change-pin -vvvvvvvvv > > 2016-03-23 16:37:56.154 [pkcs15-tool] > pkcs15-piv.c:1019:sc_pkcs15emu_piv_init: returning with: 0 (Success) > 2016-03-23 16:37:56.154 [pkcs15-tool] > pkcs15-syn.c:218:sc_pkcs15_bind_synthetic: returning with: 0 (Success) > 2016-03-23 16:37:56.154 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:37:56.154 [pkcs15-tool] pkcs15.c:1251:sc_pkcs15_bind: > returning with: 0 (Success) > Found PIV_II! > Enter old PIN [PIV Card Holder pin]: Enter new PIN [PIV Card Holder pin]: > Enter new PIN again [PIV Card Holder pin]: 2016-03-23 16:38:03. > 968 [pkcs15-tool] pkcs15-pin.c:390:sc_pkcs15_change_pin: called > 2016-03-23 16:38:03.968 [pkcs15-tool] card.c:394:sc_lock: called > 2016-03-23 16:38:03.968 [pkcs15-tool] sec.c:159:sc_pin_cmd: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:563:sc_transmit_apdu: called > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:394:sc_lock: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:530:sc_transmit: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:384:sc_single_transmit: called > 2016-03-23 16:38:03.984 CLA:0, INS:24, P1:0, P2:80, data(16) 0018D328 > 2016-03-23 16:38:03.984 reader 'SCM Microsystems Inc. SCR35xx USB Smart > Card Reader 0' > 2016-03-23 16:38:03.984 > Outgoing APDU data [ 21 bytes] ===================================== > 00 24 00 80 10 31 32 33 34 35 36 37 38 31 32 33 .$...12345678123 > 34 35 36 FF FF 456.. > ====================================================================== > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:190:pcsc_internal_transmit: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0:SCardTransmit/Control failed: 0x80100068 > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:384:pcsc_detect_card_presence: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0 check > 2016-03-23 16:38:03.984 current state: 0x00050122 > 2016-03-23 16:38:03.984 previous state: 0x00050022 > 2016-03-23 16:38:03.984 card present > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5 > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:384:pcsc_detect_card_presence: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0 check > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:313:refresh_attributes: returning with: 0 (Success) > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5 > 2016-03-23 16:38:03.984 unable to transmit > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:397:sc_single_transmit: > unable to transmit APDU: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:533:sc_transmit: transmit > APDU failed: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:38:03.984 [pkcs15-tool] iso7816.c:1117:iso7816_pin_cmd: APDU > transmit failed: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > with: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called > PIN code change failed: Transmit failed > 2016-03-23 16:38:03.999 [pkcs15-tool] pkcs15.c:1264:sc_pkcs15_unbind: > called > 2016-03-23 16:38:03.999 [pkcs15-tool] > pkcs15-pin.c:690:sc_pkcs15_pincache_clear: called > 2016-03-23 16:38:03.999 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:38:03.999 [pkcs15-tool] reader-pcsc.c:574:pcsc_unlock: called > 2016-03-23 16:38:03.999 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0:SCardEndTransaction failed: 0x80100068 > > > Using cut-and-paste and an editor, shows: > Lock first called: > 2016-03-23 16:37:53.607 [pkcs15-tool] reader-pcsc.c:534:pcsc_lock: > called > > End of last APDU before trying to send change: > 2016-03-23 16:37:55.967 [pkcs15-tool] > apdu.c:399:sc_single_transmit: returning with: 0 (Success) > > When change pin failed to be sent to card: > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:190:pcsc_internal_transmit: called > > Lock finally released: > Line 2491: 2016-03-23 16:38:03.999 [pkcs15-tool] > reader-pcsc.c:574:pcsc_unlock: called > > That is just over 8 seconds from last command to card, to prompt and enter > 3 pins and try and send next APDU. > > I remember reading something about this, but can no0t find the timeout in > the registry. > > > https://technet.microsoft.com/en-us/library/dn579258.aspx > > It could be: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Providers\Microsoft > Smart Card Key Storage Provider > > TransactionTimeoutMilliseconds which is 1.5 seconds. > > > > > On 3/23/2016 3:34 PM, twisteroid ambassador wrote: > > Hi, > > > > Entering PINs interactively at the command prompt doesn't seem to work > > in Windows 10. > > > > I have OpenSC 0.15.0 win64 installed in Windows 10, using ePass2003 > > tokens. The same hardware works fine under Linux (Arch x64, latest > > OpenSC). Under Windows, however, any operation that involves entering > > PIN at the interactive prompt doesn't seem to work. > > > > For example, pkcs15-tool --change-pin: > > > > C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe > --change-pin -vv > > 2016-03-23 16:16:36.191 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.197 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Using reader with a card: FS USB Token 0 > > 2016-03-23 16:16:36.208 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.211 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Connecting to card in reader FS USB Token 0... > > 2016-03-23 16:16:36.217 [pkcs15-tool] card.c:148:sc_connect_card: called > > 2016-03-23 16:16:36.220 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.223 [pkcs15-tool] > > card-entersafe.c:106:entersafe_match_card: called > > Using card driver epass2003. > > Trying to find a PKCS#15 compatible card... > > Found OpenSC Card! > > Enter old PIN [User PIN]: Enter new PIN [User PIN]: Enter new PIN > > again [User PIN]: 2016-03-23 16:16:43.390 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 > > 2016-03-23 16:16:43.398 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:43.404 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 > > 2016-03-23 16:16:43.411 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > > with: -1107 (Transmit failed) > > PIN code change failed: Transmit failed > > 2016-03-23 16:16:43.426 [pkcs15-tool] ctx.c:799:sc_release_context: > called > > > > > > (Note the line starting with "Enter old pin". All those prompts do > > appear on the same line, as well as the next piece of debug info. > > Maybe this hints at a Windows/Linux EOL problem?) > > > > The same command does work if the PIN is included in the arguments: > > > > C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe > > --change-pin -vv --pin oldpin12 --new-pin 12345678 > > 2016-03-23 16:22:05.713 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Using reader with a card: FS USB Token 0 > > 2016-03-23 16:22:05.725 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:22:05.730 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Connecting to card in reader FS USB Token 0... > > 2016-03-23 16:22:05.740 [pkcs15-tool] card.c:148:sc_connect_card: called > > 2016-03-23 16:22:05.744 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:22:05.752 [pkcs15-tool] > > card-entersafe.c:106:entersafe_match_card: called > > Using card driver epass2003. > > Trying to find a PKCS#15 compatible card... > > Found OpenSC Card! > > 2016-03-23 16:22:06.487 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > > with: 0 (Success) > > 2016-03-23 16:22:06.493 cannot lock memory, sensitive data may be paged > to disk > > PIN code changed successfully. > > 2016-03-23 16:22:06.516 [pkcs15-tool] ctx.c:799:sc_release_context: > called > > > > > > Similarly, when using private key stored on token for OpenVPN > > authentication, there are errors after entering the PIN interactively. > > Console log excerpt: > > > > Enter OpenSC Card (User PIN) token Password: > > 2016-03-23 16:02:21.334 cannot lock memory, sensitive data may be paged > to disk > > Wed Mar 23 16:02:21 2016 PKCS#11: Cannot perform signature > > 512:'CKR_FUNCTION_REJECTED' > > Wed Mar 23 16:02:21 2016 TLS_ERROR: BIO read tls_read_plaintext error: > > error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib > > Wed Mar 23 16:02:21 2016 TLS Error: TLS object -> incoming plaintext > read error > > Wed Mar 23 16:02:21 2016 TLS Error: TLS handshake failed > > > > > > > > Is this a known problem? > > Please inform me if any more information is needed. > > > > Thanks, > > > > -- > > twisteroid ambassado > > > > > ------------------------------------------------------------------------------ > > Transform Data into Opportunity. > > Accelerate data analysis in your applications with > > Intel Data Analytics Acceleration Library. > > Click to learn more. > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140 > > _______________________________________________ > > Opensc-devel mailing list > > Ope...@li... > > https://lists.sourceforge.net/lists/listinfo/opensc-devel > > > > -- > > Douglas E. Engert <DEE...@gm...> > > > > ------------------------------------------------------------------------------ > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140 > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > |
