Menu
▾
▴
Re: [Opensc-devel] help with piv card
|
From: Ray L. <cod...@in...> - 2020-03-27 23:29:43
|
Hi again, Just a quick final follow-up. I did try cleaning the card & reader, as you suggested, but it didn't help. I eventually got around to checking the system log (again) and this time I noticed errors from pcsc indicating a HW problem. If I restart pcsc with no card present it reports HW errors talking to the reader and concludes that it cannot register the reader. If I restart with the card present I see a lot card read errors (which tend to bury the HW messages). I'm guessing this is how I missed those messages earlier, since I almost always leave the card in. So, bottom line, it appears that the reader has in fact failed (although I still don't like the coincidence). I have ordered a new usb reader from amazon and hopefully that will solve the problem. Thanks again for everyone's help! ~ray On 3/26/20 6:03 PM, Douglas E Engert wrote: > Sounds like a physical contact problem between the reader and card. > Have you > tried cleaning the contacts. a pencil eraser can be used. > > You say the reader worked for years. Look at the contacts, dirty or bent? > You said: "and the new one works on Windows." I assume with a > different reader? > > Could also be power issue with new card needing more power then the > old one. > > Could be new card is a little out of spec, and does not make good contact > with old reader. > > Google for: how to clean smart card reader > > I would try another reader on the same machine too. > > > > > On 3/26/2020 4:04 PM, Ray Lambert wrote: >> On 3/26/20 8:05 AM, Douglas E Engert wrote: >>> What does `OPENSC_DEBUG=3 pkcs11-tool -O` >>> >>> Note PIV driver caches and parses the certificates early in the process >>> and would show if the card is dead, or if certificates can not be >>> parsed. >>> >> Hi Douglas, >> >> Thanks for the response. Not sure if I should post the whole output >> to this list (it's ~20k, 147 lines)? >> >> pcsc functions appear to be returning "-1113 (Unresponsive card >> (correctly inserted?))" consistently and the final error appears to >> be "CKR_DEVICE_ERROR (0x30)": >> >> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] >> pkcs11-global.c:596:C_GetSlotInfo: C_GetSlotInfo() card detect rv 0x30 >> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] >> pkcs11-global.c:613:C_GetSlotInfo: C_GetSlotInfo() flags 0x20 >> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] >> pkcs11-global.c:614:C_GetSlotInfo: C_GetSlotInfo(0x0) = CKR_DEVICE_ERROR >> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] >> pkcs11-global.c:365:C_Finalize: C_Finalize() >> >> I've tried reinserting the card but no dice. As I mentioned, the old >> card was working fine and the new one works on Windows. It would be >> quite a coincidence if the card reader died at the same time I got a >> new card(?). >> >> Please LMK if you need more. >> >> Thanks again! >> >> ~ray >> >> >>> >>> >>> On 3/25/2020 6:53 PM, Ray Lambert wrote: >>>> Hi, >>>> >>>> I'm trying to get a new PIV card to work and hoping someone can help. >>>> >>>> The old card was working perfectly for some time with openconnect >>>> vpn, pcsc, and p11-kit on Manjaro (fully updated). >>>> >>>> The new card is recognized and the ATR is accessible but the card >>>> is not otherwise visible (no tokens). >>>> >>>> I recently installed opensc to try to get it work but the results >>>> are the same. I was advised (on the OC mailing list) that a >>>> different pkcs#11 driver may be needed. >>>> >>>> The card type (according to ActivClient on Windows) is "ID-One >>>> Cosmo v8.0 128K with PIV 2.3.5" (Oberthur). >>>> >>>> opensc results are: >>>> >>>> #### >>>> >>>> $ opensc-tool -l >>>> # Detected readers (pcsc) >>>> Nr. Card Features Name >>>> 0 Yes Broadcom Corp 5880 [Contacted SmartCard] >>>> (0123456789ABCD) 00 00 >>>> >>>> $ opensc-tool -a >>>> >>>> Using reader with a card: Broadcom Corp 5880 [Contacted SmartCard] >>>> (0123456789ABCD) 00 00 >>>> 3b:d6:97:00:81:b1:fe:45:1f:07:80:31:c1:52:11:18:f9 >>>> >>>> $ opensc-tool -n >>>> Using reader with a card: Broadcom Corp 5880 [Contacted SmartCard] >>>> (0123456789ABCD) 00 00 >>>> Failed to connect to card: Unresponsive card (correctly inserted?) >>>> >>>> #### >>>> >>>> pcsc_scan returns the same ATR (different format) and identifies it >>>> (via smartcard_list.txt) as: "NASA Personal Identity Verification >>>> (PIV) card (eID)". (Note: this is a USG-issued card but not from >>>> NASA.) >>>> >>>> I would greatly appreciate any insight or advice anyone can offer! >>>> >>>> Thanks, >>>> >>>> ~ray >>> >> >> >> . > |
