From: Tyler Hicks <tyhicks@canonical.com>
To: Space Cake <spacecakex@gmail.com>
Cc: ecryptfs@vger.kernel.org
Subject: Re: ecryptfs / aladdin token
Date: Tue, 17 Jan 2012 12:53:16 -0600
Message-ID: <20120117185315.GB8155@boyd>
In-Reply-To: <4F15A514.8050106@gmail.com>

On 2012-01-17 17:43:00, Space Cake wrote:
> Hi,
> 
> I'm trying to use an aladdin token to access some sensitive information.
> Unfortunately I'm getting the following error message
> 
> vlad@brutal ~ $ ecryptfs-manager
> 
> eCryptfs key management menu
> -------------------------------
>     1. Add passphrase key to keyring
>     2. Add public key to keyring
>     3. Generate new public/private keypair
>     4. Exit
> 
> Make selection: 2
> [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
> failed: 0x8010002e
> [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
> No readers found
> Select key type to use for newly created files:
>  1) tspi
>  2) passphrase
>  3) openssl
>  4) pkcs11-helper
> Selection: 4
> [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
> failed: 0x8010002e
> [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
> No readers found
> [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
> failed: 0x8010002e
> [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
> No readers found
> PKCS#11 Serialized ID:
> Passphrase (empty for interactive):
> Optional X.509 Certificate PEM file:
> Error processing key generation decision graph; rc = [-5]
> 
> I can see the card from pkcs11-tool
> 
> vlad@brutal ~ $ pkcs11-tool -L
> [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
> failed: 0x8010002e
> [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
> No readers found
> [opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
> failed: 0x8010002e
> [opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
> No readers found
> Available slots:
> Slot 0           Aladdin eToken PRO
>   token label:   OpenSC Card (vlad)
>   token manuf:   OpenSC Project
>   token model:   PKCS#15
>   token flags:   login required, PIN initialized, token initialized
>   serial num  :  262119072909
> 
> any idea? same token is working for ssh login

It is likely a bug with the eCryptfs pkcs11-helper key module. It
doesn't get much use and neither of us eCryptfs maintainers have the
appropriate hardware to test it (it was contributed by the pkcs11-helper
maintainer, IIRC).

Feel free to file a bug in launchpad:

https://bugs.launchpad.net/ecryptfs/+filebug

But do keep in mind that we don't have the needed hardware to fix it.
I've looked into buying an eToken PRO for personal use, but sourcing
just one in the US didn't seem to be very easy at the time.

Tyler
