Menu
▾
▴
opensc-devel
|
From: twisteroid a. <twi...@gm...> - 2016-03-23 20:34:57
|
Hi, Entering PINs interactively at the command prompt doesn't seem to work in Windows 10. I have OpenSC 0.15.0 win64 installed in Windows 10, using ePass2003 tokens. The same hardware works fine under Linux (Arch x64, latest OpenSC). Under Windows, however, any operation that involves entering PIN at the interactive prompt doesn't seem to work. For example, pkcs15-tool --change-pin: C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe --change-pin -vv 2016-03-23 16:16:36.191 [pkcs15-tool] reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) 2016-03-23 16:16:36.197 [pkcs15-tool] reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 Using reader with a card: FS USB Token 0 2016-03-23 16:16:36.208 [pkcs15-tool] reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) 2016-03-23 16:16:36.211 [pkcs15-tool] reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 Connecting to card in reader FS USB Token 0... 2016-03-23 16:16:36.217 [pkcs15-tool] card.c:148:sc_connect_card: called 2016-03-23 16:16:36.220 [pkcs15-tool] reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) 2016-03-23 16:16:36.223 [pkcs15-tool] card-entersafe.c:106:entersafe_match_card: called Using card driver epass2003. Trying to find a PKCS#15 compatible card... Found OpenSC Card! Enter old PIN [User PIN]: Enter new PIN [User PIN]: Enter new PIN again [User PIN]: 2016-03-23 16:16:43.390 [pkcs15-tool] reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 2016-03-23 16:16:43.398 [pkcs15-tool] reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) 2016-03-23 16:16:43.404 [pkcs15-tool] reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 2016-03-23 16:16:43.411 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning with: -1107 (Transmit failed) PIN code change failed: Transmit failed 2016-03-23 16:16:43.426 [pkcs15-tool] ctx.c:799:sc_release_context: called (Note the line starting with "Enter old pin". All those prompts do appear on the same line, as well as the next piece of debug info. Maybe this hints at a Windows/Linux EOL problem?) The same command does work if the PIN is included in the arguments: C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe --change-pin -vv --pin oldpin12 --new-pin 12345678 2016-03-23 16:22:05.713 [pkcs15-tool] reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 Using reader with a card: FS USB Token 0 2016-03-23 16:22:05.725 [pkcs15-tool] reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) 2016-03-23 16:22:05.730 [pkcs15-tool] reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 Connecting to card in reader FS USB Token 0... 2016-03-23 16:22:05.740 [pkcs15-tool] card.c:148:sc_connect_card: called 2016-03-23 16:22:05.744 [pkcs15-tool] reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) 2016-03-23 16:22:05.752 [pkcs15-tool] card-entersafe.c:106:entersafe_match_card: called Using card driver epass2003. Trying to find a PKCS#15 compatible card... Found OpenSC Card! 2016-03-23 16:22:06.487 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning with: 0 (Success) 2016-03-23 16:22:06.493 cannot lock memory, sensitive data may be paged to disk PIN code changed successfully. 2016-03-23 16:22:06.516 [pkcs15-tool] ctx.c:799:sc_release_context: called Similarly, when using private key stored on token for OpenVPN authentication, there are errors after entering the PIN interactively. Console log excerpt: Enter OpenSC Card (User PIN) token Password: 2016-03-23 16:02:21.334 cannot lock memory, sensitive data may be paged to disk Wed Mar 23 16:02:21 2016 PKCS#11: Cannot perform signature 512:'CKR_FUNCTION_REJECTED' Wed Mar 23 16:02:21 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib Wed Mar 23 16:02:21 2016 TLS Error: TLS object -> incoming plaintext read error Wed Mar 23 16:02:21 2016 TLS Error: TLS handshake failed Is this a known problem? Please inform me if any more information is needed. Thanks, -- twisteroid ambassado |
|
From: Douglas E E. <dee...@gm...> - 2016-03-23 22:17:08
|
In this with the powershell or cmd.exe? Are you using 32 or 64 bit version?
I think it is a lock timeout.
I am seeing something similar on W10 64 bit. in both it fails.
In powershell try this:
./pkcs15-tool --change-pin -vvvvvvvvv
2016-03-23 16:37:56.154 [pkcs15-tool] pkcs15-piv.c:1019:sc_pkcs15emu_piv_init: returning with: 0 (Success)
2016-03-23 16:37:56.154 [pkcs15-tool] pkcs15-syn.c:218:sc_pkcs15_bind_synthetic: returning with: 0 (Success)
2016-03-23 16:37:56.154 [pkcs15-tool] card.c:434:sc_unlock: called
2016-03-23 16:37:56.154 [pkcs15-tool] pkcs15.c:1251:sc_pkcs15_bind: returning with: 0 (Success)
Found PIV_II!
Enter old PIN [PIV Card Holder pin]: Enter new PIN [PIV Card Holder pin]: Enter new PIN again [PIV Card Holder pin]: 2016-03-23 16:38:03.
968 [pkcs15-tool] pkcs15-pin.c:390:sc_pkcs15_change_pin: called
2016-03-23 16:38:03.968 [pkcs15-tool] card.c:394:sc_lock: called
2016-03-23 16:38:03.968 [pkcs15-tool] sec.c:159:sc_pin_cmd: called
2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:563:sc_transmit_apdu: called
2016-03-23 16:38:03.984 [pkcs15-tool] card.c:394:sc_lock: called
2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:530:sc_transmit: called
2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:384:sc_single_transmit: called
2016-03-23 16:38:03.984 CLA:0, INS:24, P1:0, P2:80, data(16) 0018D328
2016-03-23 16:38:03.984 reader 'SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0'
2016-03-23 16:38:03.984
Outgoing APDU data [ 21 bytes] =====================================
00 24 00 80 10 31 32 33 34 35 36 37 38 31 32 33 .$...12345678123
34 35 36 FF FF 456..
======================================================================
2016-03-23 16:38:03.984 [pkcs15-tool] reader-pcsc.c:190:pcsc_internal_transmit: called
2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0:SCardTransmit/Control failed: 0x80100068
2016-03-23 16:38:03.984 [pkcs15-tool] reader-pcsc.c:384:pcsc_detect_card_presence: called
2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0 check
2016-03-23 16:38:03.984 current state: 0x00050122
2016-03-23 16:38:03.984 previous state: 0x00050022
2016-03-23 16:38:03.984 card present
2016-03-23 16:38:03.984 [pkcs15-tool] reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5
2016-03-23 16:38:03.984 [pkcs15-tool] reader-pcsc.c:384:pcsc_detect_card_presence: called
2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0 check
2016-03-23 16:38:03.984 [pkcs15-tool] reader-pcsc.c:313:refresh_attributes: returning with: 0 (Success)
2016-03-23 16:38:03.984 [pkcs15-tool] reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5
2016-03-23 16:38:03.984 unable to transmit
2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:397:sc_single_transmit: unable to transmit APDU: -1107 (Transmit failed)
2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:533:sc_transmit: transmit APDU failed: -1107 (Transmit failed)
2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called
2016-03-23 16:38:03.984 [pkcs15-tool] iso7816.c:1117:iso7816_pin_cmd: APDU transmit failed: -1107 (Transmit failed)
2016-03-23 16:38:03.984 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning with: -1107 (Transmit failed)
2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called
PIN code change failed: Transmit failed
2016-03-23 16:38:03.999 [pkcs15-tool] pkcs15.c:1264:sc_pkcs15_unbind: called
2016-03-23 16:38:03.999 [pkcs15-tool] pkcs15-pin.c:690:sc_pkcs15_pincache_clear: called
2016-03-23 16:38:03.999 [pkcs15-tool] card.c:434:sc_unlock: called
2016-03-23 16:38:03.999 [pkcs15-tool] reader-pcsc.c:574:pcsc_unlock: called
2016-03-23 16:38:03.999 SCM Microsystems Inc. SCR35xx USB Smart Card Reader 0:SCardEndTransaction failed: 0x80100068
Using cut-and-paste and an editor, shows:
Lock first called:
2016-03-23 16:37:53.607 [pkcs15-tool] reader-pcsc.c:534:pcsc_lock: called
End of last APDU before trying to send change:
2016-03-23 16:37:55.967 [pkcs15-tool] apdu.c:399:sc_single_transmit: returning with: 0 (Success)
When change pin failed to be sent to card:
2016-03-23 16:38:03.984 [pkcs15-tool] reader-pcsc.c:190:pcsc_internal_transmit: called
Lock finally released:
Line 2491: 2016-03-23 16:38:03.999 [pkcs15-tool] reader-pcsc.c:574:pcsc_unlock: called
That is just over 8 seconds from last command to card, to prompt and enter 3 pins and try and send next APDU.
I remember reading something about this, but can no0t find the timeout in the registry.
https://technet.microsoft.com/en-us/library/dn579258.aspx
It could be:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Providers\Microsoft Smart Card Key Storage Provider
TransactionTimeoutMilliseconds which is 1.5 seconds.
On 3/23/2016 3:34 PM, twisteroid ambassador wrote:
> Hi,
>
> Entering PINs interactively at the command prompt doesn't seem to work
> in Windows 10.
>
> I have OpenSC 0.15.0 win64 installed in Windows 10, using ePass2003
> tokens. The same hardware works fine under Linux (Arch x64, latest
> OpenSC). Under Windows, however, any operation that involves entering
> PIN at the interactive prompt doesn't seem to work.
>
> For example, pkcs15-tool --change-pin:
>
> C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe --change-pin -vv
> 2016-03-23 16:16:36.191 [pkcs15-tool]
> reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
> 2016-03-23 16:16:36.197 [pkcs15-tool]
> reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
> Using reader with a card: FS USB Token 0
> 2016-03-23 16:16:36.208 [pkcs15-tool]
> reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
> 2016-03-23 16:16:36.211 [pkcs15-tool]
> reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
> Connecting to card in reader FS USB Token 0...
> 2016-03-23 16:16:36.217 [pkcs15-tool] card.c:148:sc_connect_card: called
> 2016-03-23 16:16:36.220 [pkcs15-tool]
> reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
> 2016-03-23 16:16:36.223 [pkcs15-tool]
> card-entersafe.c:106:entersafe_match_card: called
> Using card driver epass2003.
> Trying to find a PKCS#15 compatible card...
> Found OpenSC Card!
> Enter old PIN [User PIN]: Enter new PIN [User PIN]: Enter new PIN
> again [User PIN]: 2016-03-23 16:16:43.390 [pkcs15-tool]
> reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5
> 2016-03-23 16:16:43.398 [pkcs15-tool]
> reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
> 2016-03-23 16:16:43.404 [pkcs15-tool]
> reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5
> 2016-03-23 16:16:43.411 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning
> with: -1107 (Transmit failed)
> PIN code change failed: Transmit failed
> 2016-03-23 16:16:43.426 [pkcs15-tool] ctx.c:799:sc_release_context: called
>
>
> (Note the line starting with "Enter old pin". All those prompts do
> appear on the same line, as well as the next piece of debug info.
> Maybe this hints at a Windows/Linux EOL problem?)
>
> The same command does work if the PIN is included in the arguments:
>
> C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe
> --change-pin -vv --pin oldpin12 --new-pin 12345678
> 2016-03-23 16:22:05.713 [pkcs15-tool]
> reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
> Using reader with a card: FS USB Token 0
> 2016-03-23 16:22:05.725 [pkcs15-tool]
> reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
> 2016-03-23 16:22:05.730 [pkcs15-tool]
> reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1
> Connecting to card in reader FS USB Token 0...
> 2016-03-23 16:22:05.740 [pkcs15-tool] card.c:148:sc_connect_card: called
> 2016-03-23 16:22:05.744 [pkcs15-tool]
> reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success)
> 2016-03-23 16:22:05.752 [pkcs15-tool]
> card-entersafe.c:106:entersafe_match_card: called
> Using card driver epass2003.
> Trying to find a PKCS#15 compatible card...
> Found OpenSC Card!
> 2016-03-23 16:22:06.487 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning
> with: 0 (Success)
> 2016-03-23 16:22:06.493 cannot lock memory, sensitive data may be paged to disk
> PIN code changed successfully.
> 2016-03-23 16:22:06.516 [pkcs15-tool] ctx.c:799:sc_release_context: called
>
>
> Similarly, when using private key stored on token for OpenVPN
> authentication, there are errors after entering the PIN interactively.
> Console log excerpt:
>
> Enter OpenSC Card (User PIN) token Password:
> 2016-03-23 16:02:21.334 cannot lock memory, sensitive data may be paged to disk
> Wed Mar 23 16:02:21 2016 PKCS#11: Cannot perform signature
> 512:'CKR_FUNCTION_REJECTED'
> Wed Mar 23 16:02:21 2016 TLS_ERROR: BIO read tls_read_plaintext error:
> error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib
> Wed Mar 23 16:02:21 2016 TLS Error: TLS object -> incoming plaintext read error
> Wed Mar 23 16:02:21 2016 TLS Error: TLS handshake failed
>
>
>
> Is this a known problem?
> Please inform me if any more information is needed.
>
> Thanks,
>
> --
> twisteroid ambassado
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
--
Douglas E. Engert <DEE...@gm...>
|
|
From: Philip W. <wen...@gm...> - 2016-03-24 12:51:03
|
No time to check, but this is likely related to https://github.com/OpenSC/OpenSC/issues/703 On Wed, 23 Mar 2016, 23:19 Douglas E Engert, <dee...@gm...> wrote: > In this with the powershell or cmd.exe? Are you using 32 or 64 bit version? > > I think it is a lock timeout. > I am seeing something similar on W10 64 bit. in both it fails. > > In powershell try this: > ./pkcs15-tool --change-pin -vvvvvvvvv > > 2016-03-23 16:37:56.154 [pkcs15-tool] > pkcs15-piv.c:1019:sc_pkcs15emu_piv_init: returning with: 0 (Success) > 2016-03-23 16:37:56.154 [pkcs15-tool] > pkcs15-syn.c:218:sc_pkcs15_bind_synthetic: returning with: 0 (Success) > 2016-03-23 16:37:56.154 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:37:56.154 [pkcs15-tool] pkcs15.c:1251:sc_pkcs15_bind: > returning with: 0 (Success) > Found PIV_II! > Enter old PIN [PIV Card Holder pin]: Enter new PIN [PIV Card Holder pin]: > Enter new PIN again [PIV Card Holder pin]: 2016-03-23 16:38:03. > 968 [pkcs15-tool] pkcs15-pin.c:390:sc_pkcs15_change_pin: called > 2016-03-23 16:38:03.968 [pkcs15-tool] card.c:394:sc_lock: called > 2016-03-23 16:38:03.968 [pkcs15-tool] sec.c:159:sc_pin_cmd: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:563:sc_transmit_apdu: called > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:394:sc_lock: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:530:sc_transmit: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:384:sc_single_transmit: called > 2016-03-23 16:38:03.984 CLA:0, INS:24, P1:0, P2:80, data(16) 0018D328 > 2016-03-23 16:38:03.984 reader 'SCM Microsystems Inc. SCR35xx USB Smart > Card Reader 0' > 2016-03-23 16:38:03.984 > Outgoing APDU data [ 21 bytes] ===================================== > 00 24 00 80 10 31 32 33 34 35 36 37 38 31 32 33 .$...12345678123 > 34 35 36 FF FF 456.. > ====================================================================== > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:190:pcsc_internal_transmit: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0:SCardTransmit/Control failed: 0x80100068 > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:384:pcsc_detect_card_presence: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0 check > 2016-03-23 16:38:03.984 current state: 0x00050122 > 2016-03-23 16:38:03.984 previous state: 0x00050022 > 2016-03-23 16:38:03.984 card present > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5 > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:384:pcsc_detect_card_presence: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0 check > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:313:refresh_attributes: returning with: 0 (Success) > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5 > 2016-03-23 16:38:03.984 unable to transmit > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:397:sc_single_transmit: > unable to transmit APDU: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:533:sc_transmit: transmit > APDU failed: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:38:03.984 [pkcs15-tool] iso7816.c:1117:iso7816_pin_cmd: APDU > transmit failed: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > with: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called > PIN code change failed: Transmit failed > 2016-03-23 16:38:03.999 [pkcs15-tool] pkcs15.c:1264:sc_pkcs15_unbind: > called > 2016-03-23 16:38:03.999 [pkcs15-tool] > pkcs15-pin.c:690:sc_pkcs15_pincache_clear: called > 2016-03-23 16:38:03.999 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:38:03.999 [pkcs15-tool] reader-pcsc.c:574:pcsc_unlock: called > 2016-03-23 16:38:03.999 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0:SCardEndTransaction failed: 0x80100068 > > > Using cut-and-paste and an editor, shows: > Lock first called: > 2016-03-23 16:37:53.607 [pkcs15-tool] reader-pcsc.c:534:pcsc_lock: > called > > End of last APDU before trying to send change: > 2016-03-23 16:37:55.967 [pkcs15-tool] > apdu.c:399:sc_single_transmit: returning with: 0 (Success) > > When change pin failed to be sent to card: > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:190:pcsc_internal_transmit: called > > Lock finally released: > Line 2491: 2016-03-23 16:38:03.999 [pkcs15-tool] > reader-pcsc.c:574:pcsc_unlock: called > > That is just over 8 seconds from last command to card, to prompt and enter > 3 pins and try and send next APDU. > > I remember reading something about this, but can no0t find the timeout in > the registry. > > > https://technet.microsoft.com/en-us/library/dn579258.aspx > > It could be: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Providers\Microsoft > Smart Card Key Storage Provider > > TransactionTimeoutMilliseconds which is 1.5 seconds. > > > > > On 3/23/2016 3:34 PM, twisteroid ambassador wrote: > > Hi, > > > > Entering PINs interactively at the command prompt doesn't seem to work > > in Windows 10. > > > > I have OpenSC 0.15.0 win64 installed in Windows 10, using ePass2003 > > tokens. The same hardware works fine under Linux (Arch x64, latest > > OpenSC). Under Windows, however, any operation that involves entering > > PIN at the interactive prompt doesn't seem to work. > > > > For example, pkcs15-tool --change-pin: > > > > C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe > --change-pin -vv > > 2016-03-23 16:16:36.191 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.197 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Using reader with a card: FS USB Token 0 > > 2016-03-23 16:16:36.208 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.211 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Connecting to card in reader FS USB Token 0... > > 2016-03-23 16:16:36.217 [pkcs15-tool] card.c:148:sc_connect_card: called > > 2016-03-23 16:16:36.220 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.223 [pkcs15-tool] > > card-entersafe.c:106:entersafe_match_card: called > > Using card driver epass2003. > > Trying to find a PKCS#15 compatible card... > > Found OpenSC Card! > > Enter old PIN [User PIN]: Enter new PIN [User PIN]: Enter new PIN > > again [User PIN]: 2016-03-23 16:16:43.390 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 > > 2016-03-23 16:16:43.398 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:43.404 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 > > 2016-03-23 16:16:43.411 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > > with: -1107 (Transmit failed) > > PIN code change failed: Transmit failed > > 2016-03-23 16:16:43.426 [pkcs15-tool] ctx.c:799:sc_release_context: > called > > > > > > (Note the line starting with "Enter old pin". All those prompts do > > appear on the same line, as well as the next piece of debug info. > > Maybe this hints at a Windows/Linux EOL problem?) > > > > The same command does work if the PIN is included in the arguments: > > > > C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe > > --change-pin -vv --pin oldpin12 --new-pin 12345678 > > 2016-03-23 16:22:05.713 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Using reader with a card: FS USB Token 0 > > 2016-03-23 16:22:05.725 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:22:05.730 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Connecting to card in reader FS USB Token 0... > > 2016-03-23 16:22:05.740 [pkcs15-tool] card.c:148:sc_connect_card: called > > 2016-03-23 16:22:05.744 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:22:05.752 [pkcs15-tool] > > card-entersafe.c:106:entersafe_match_card: called > > Using card driver epass2003. > > Trying to find a PKCS#15 compatible card... > > Found OpenSC Card! > > 2016-03-23 16:22:06.487 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > > with: 0 (Success) > > 2016-03-23 16:22:06.493 cannot lock memory, sensitive data may be paged > to disk > > PIN code changed successfully. > > 2016-03-23 16:22:06.516 [pkcs15-tool] ctx.c:799:sc_release_context: > called > > > > > > Similarly, when using private key stored on token for OpenVPN > > authentication, there are errors after entering the PIN interactively. > > Console log excerpt: > > > > Enter OpenSC Card (User PIN) token Password: > > 2016-03-23 16:02:21.334 cannot lock memory, sensitive data may be paged > to disk > > Wed Mar 23 16:02:21 2016 PKCS#11: Cannot perform signature > > 512:'CKR_FUNCTION_REJECTED' > > Wed Mar 23 16:02:21 2016 TLS_ERROR: BIO read tls_read_plaintext error: > > error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib > > Wed Mar 23 16:02:21 2016 TLS Error: TLS object -> incoming plaintext > read error > > Wed Mar 23 16:02:21 2016 TLS Error: TLS handshake failed > > > > > > > > Is this a known problem? > > Please inform me if any more information is needed. > > > > Thanks, > > > > -- > > twisteroid ambassado > > > > > ------------------------------------------------------------------------------ > > Transform Data into Opportunity. > > Accelerate data analysis in your applications with > > Intel Data Analytics Acceleration Library. > > Click to learn more. > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140 > > _______________________________________________ > > Opensc-devel mailing list > > Ope...@li... > > https://lists.sourceforge.net/lists/listinfo/opensc-devel > > > > -- > > Douglas E. Engert <DEE...@gm...> > > > > ------------------------------------------------------------------------------ > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140 > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > |
|
From: twisteroid a. <twi...@gm...> - 2016-03-25 00:34:15
|
It was cmd.exe and 64 bit. Looks like you and Philip are both right. I also see the same errors in the log with enough -v flags. If I use an autohotkey script to enter the pins rapidly, then the PIN is changed successfully. On Mar 23, 2016 6:19 PM, "Douglas E Engert" <dee...@gm...> wrote: > In this with the powershell or cmd.exe? Are you using 32 or 64 bit version? > > I think it is a lock timeout. > I am seeing something similar on W10 64 bit. in both it fails. > > In powershell try this: > ./pkcs15-tool --change-pin -vvvvvvvvv > > 2016-03-23 16:37:56.154 [pkcs15-tool] > pkcs15-piv.c:1019:sc_pkcs15emu_piv_init: returning with: 0 (Success) > 2016-03-23 16:37:56.154 [pkcs15-tool] > pkcs15-syn.c:218:sc_pkcs15_bind_synthetic: returning with: 0 (Success) > 2016-03-23 16:37:56.154 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:37:56.154 [pkcs15-tool] pkcs15.c:1251:sc_pkcs15_bind: > returning with: 0 (Success) > Found PIV_II! > Enter old PIN [PIV Card Holder pin]: Enter new PIN [PIV Card Holder pin]: > Enter new PIN again [PIV Card Holder pin]: 2016-03-23 16:38:03. > 968 [pkcs15-tool] pkcs15-pin.c:390:sc_pkcs15_change_pin: called > 2016-03-23 16:38:03.968 [pkcs15-tool] card.c:394:sc_lock: called > 2016-03-23 16:38:03.968 [pkcs15-tool] sec.c:159:sc_pin_cmd: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:563:sc_transmit_apdu: called > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:394:sc_lock: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:530:sc_transmit: called > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:384:sc_single_transmit: called > 2016-03-23 16:38:03.984 CLA:0, INS:24, P1:0, P2:80, data(16) 0018D328 > 2016-03-23 16:38:03.984 reader 'SCM Microsystems Inc. SCR35xx USB Smart > Card Reader 0' > 2016-03-23 16:38:03.984 > Outgoing APDU data [ 21 bytes] ===================================== > 00 24 00 80 10 31 32 33 34 35 36 37 38 31 32 33 .$...12345678123 > 34 35 36 FF FF 456.. > ====================================================================== > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:190:pcsc_internal_transmit: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0:SCardTransmit/Control failed: 0x80100068 > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:384:pcsc_detect_card_presence: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0 check > 2016-03-23 16:38:03.984 current state: 0x00050122 > 2016-03-23 16:38:03.984 previous state: 0x00050022 > 2016-03-23 16:38:03.984 card present > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5 > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:384:pcsc_detect_card_presence: called > 2016-03-23 16:38:03.984 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0 check > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:313:refresh_attributes: returning with: 0 (Success) > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5 > 2016-03-23 16:38:03.984 unable to transmit > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:397:sc_single_transmit: > unable to transmit APDU: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] apdu.c:533:sc_transmit: transmit > APDU failed: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:38:03.984 [pkcs15-tool] iso7816.c:1117:iso7816_pin_cmd: APDU > transmit failed: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > with: -1107 (Transmit failed) > 2016-03-23 16:38:03.984 [pkcs15-tool] card.c:434:sc_unlock: called > PIN code change failed: Transmit failed > 2016-03-23 16:38:03.999 [pkcs15-tool] pkcs15.c:1264:sc_pkcs15_unbind: > called > 2016-03-23 16:38:03.999 [pkcs15-tool] > pkcs15-pin.c:690:sc_pkcs15_pincache_clear: called > 2016-03-23 16:38:03.999 [pkcs15-tool] card.c:434:sc_unlock: called > 2016-03-23 16:38:03.999 [pkcs15-tool] reader-pcsc.c:574:pcsc_unlock: called > 2016-03-23 16:38:03.999 SCM Microsystems Inc. SCR35xx USB Smart Card > Reader 0:SCardEndTransaction failed: 0x80100068 > > > Using cut-and-paste and an editor, shows: > Lock first called: > 2016-03-23 16:37:53.607 [pkcs15-tool] reader-pcsc.c:534:pcsc_lock: > called > > End of last APDU before trying to send change: > 2016-03-23 16:37:55.967 [pkcs15-tool] > apdu.c:399:sc_single_transmit: returning with: 0 (Success) > > When change pin failed to be sent to card: > 2016-03-23 16:38:03.984 [pkcs15-tool] > reader-pcsc.c:190:pcsc_internal_transmit: called > > Lock finally released: > Line 2491: 2016-03-23 16:38:03.999 [pkcs15-tool] > reader-pcsc.c:574:pcsc_unlock: called > > That is just over 8 seconds from last command to card, to prompt and enter > 3 pins and try and send next APDU. > > I remember reading something about this, but can no0t find the timeout in > the registry. > > > https://technet.microsoft.com/en-us/library/dn579258.aspx > > It could be: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Providers\Microsoft > Smart Card Key Storage Provider > > TransactionTimeoutMilliseconds which is 1.5 seconds. > > > > > On 3/23/2016 3:34 PM, twisteroid ambassador wrote: > > Hi, > > > > Entering PINs interactively at the command prompt doesn't seem to work > > in Windows 10. > > > > I have OpenSC 0.15.0 win64 installed in Windows 10, using ePass2003 > > tokens. The same hardware works fine under Linux (Arch x64, latest > > OpenSC). Under Windows, however, any operation that involves entering > > PIN at the interactive prompt doesn't seem to work. > > > > For example, pkcs15-tool --change-pin: > > > > C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe > --change-pin -vv > > 2016-03-23 16:16:36.191 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.197 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Using reader with a card: FS USB Token 0 > > 2016-03-23 16:16:36.208 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.211 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Connecting to card in reader FS USB Token 0... > > 2016-03-23 16:16:36.217 [pkcs15-tool] card.c:148:sc_connect_card: called > > 2016-03-23 16:16:36.220 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:36.223 [pkcs15-tool] > > card-entersafe.c:106:entersafe_match_card: called > > Using card driver epass2003. > > Trying to find a PKCS#15 compatible card... > > Found OpenSC Card! > > Enter old PIN [User PIN]: Enter new PIN [User PIN]: Enter new PIN > > again [User PIN]: 2016-03-23 16:16:43.390 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 > > 2016-03-23 16:16:43.398 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:16:43.404 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 5 > > 2016-03-23 16:16:43.411 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > > with: -1107 (Transmit failed) > > PIN code change failed: Transmit failed > > 2016-03-23 16:16:43.426 [pkcs15-tool] ctx.c:799:sc_release_context: > called > > > > > > (Note the line starting with "Enter old pin". All those prompts do > > appear on the same line, as well as the next piece of debug info. > > Maybe this hints at a Windows/Linux EOL problem?) > > > > The same command does work if the PIN is included in the arguments: > > > > C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-tool.exe > > --change-pin -vv --pin oldpin12 --new-pin 12345678 > > 2016-03-23 16:22:05.713 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Using reader with a card: FS USB Token 0 > > 2016-03-23 16:22:05.725 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:22:05.730 [pkcs15-tool] > > reader-pcsc.c:377:pcsc_detect_card_presence: returning with: 1 > > Connecting to card in reader FS USB Token 0... > > 2016-03-23 16:22:05.740 [pkcs15-tool] card.c:148:sc_connect_card: called > > 2016-03-23 16:22:05.744 [pkcs15-tool] > > reader-pcsc.c:301:refresh_attributes: returning with: 0 (Success) > > 2016-03-23 16:22:05.752 [pkcs15-tool] > > card-entersafe.c:106:entersafe_match_card: called > > Using card driver epass2003. > > Trying to find a PKCS#15 compatible card... > > Found OpenSC Card! > > 2016-03-23 16:22:06.487 [pkcs15-tool] sec.c:206:sc_pin_cmd: returning > > with: 0 (Success) > > 2016-03-23 16:22:06.493 cannot lock memory, sensitive data may be paged > to disk > > PIN code changed successfully. > > 2016-03-23 16:22:06.516 [pkcs15-tool] ctx.c:799:sc_release_context: > called > > > > > > Similarly, when using private key stored on token for OpenVPN > > authentication, there are errors after entering the PIN interactively. > > Console log excerpt: > > > > Enter OpenSC Card (User PIN) token Password: > > 2016-03-23 16:02:21.334 cannot lock memory, sensitive data may be paged > to disk > > Wed Mar 23 16:02:21 2016 PKCS#11: Cannot perform signature > > 512:'CKR_FUNCTION_REJECTED' > > Wed Mar 23 16:02:21 2016 TLS_ERROR: BIO read tls_read_plaintext error: > > error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib > > Wed Mar 23 16:02:21 2016 TLS Error: TLS object -> incoming plaintext > read error > > Wed Mar 23 16:02:21 2016 TLS Error: TLS handshake failed > > > > > > > > Is this a known problem? > > Please inform me if any more information is needed. > > > > Thanks, > > > > -- > > twisteroid ambassado > > > > > ------------------------------------------------------------------------------ > > Transform Data into Opportunity. > > Accelerate data analysis in your applications with > > Intel Data Analytics Acceleration Library. > > Click to learn more. > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140 > > _______________________________________________ > > Opensc-devel mailing list > > Ope...@li... > > https://lists.sourceforge.net/lists/listinfo/opensc-devel > > > > -- > > Douglas E. Engert <DEE...@gm...> > > > > ------------------------------------------------------------------------------ > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://pubads.g.doubleclick.net/gampad/clk?id=278785351&iu=/4140 > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X