[prev in list] [next in list] [prev in thread] [next in thread]
List: opensc-devel
Subject: Re: [Opensc-devel] help with piv card
From: Ray Lambert <codemonkey () interthingy ! net>
Date: 2020-03-27 23:29:21
Message-ID: 93b72f9c-bbc9-0b4b-4bbd-a4b3a23c9bf9 () interthingy ! net
[Download RAW message or body]
Hi again,
Just a quick final follow-up. I did try cleaning the card & reader, as
you suggested, but it didn't help. I eventually got around to checking
the system log (again) and this time I noticed errors from pcsc
indicating a HW problem. If I restart pcsc with no card present it
reports HW errors talking to the reader and concludes that it cannot
register the reader. If I restart with the card present I see a lot
card read errors (which tend to bury the HW messages). I'm guessing
this is how I missed those messages earlier, since I almost always leave
the card in.
So, bottom line, it appears that the reader has in fact failed (although
I still don't like the coincidence). I have ordered a new usb reader
from amazon and hopefully that will solve the problem.
Thanks again for everyone's help!
~ray
On 3/26/20 6:03 PM, Douglas E Engert wrote:
> Sounds like a physical contact problem between the reader and card.
> Have you
> tried cleaning the contacts. a pencil eraser can be used.
>
> You say the reader worked for years. Look at the contacts, dirty or bent?
> You said: "and the new one works on Windows." I assume with a
> different reader?
>
> Could also be power issue with new card needing more power then the
> old one.
>
> Could be new card is a little out of spec, and does not make good contact
> with old reader.
>
> Google for: how to clean smart card reader
>
> I would try another reader on the same machine too.
>
>
>
>
> On 3/26/2020 4:04 PM, Ray Lambert wrote:
>> On 3/26/20 8:05 AM, Douglas E Engert wrote:
>>> What does `OPENSC_DEBUG=3 pkcs11-tool -O`
>>>
>>> Note PIV driver caches and parses the certificates early in the process
>>> and would show if the card is dead, or if certificates can not be
>>> parsed.
>>>
>> Hi Douglas,
>>
>> Thanks for the response. Not sure if I should post the whole output
>> to this list (it's ~20k, 147 lines)?
>>
>> pcsc functions appear to be returning "-1113 (Unresponsive card
>> (correctly inserted?))" consistently and the final error appears to
>> be "CKR_DEVICE_ERROR (0x30)":
>>
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11]
>> pkcs11-global.c:596:C_GetSlotInfo: C_GetSlotInfo() card detect rv 0x30
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11]
>> pkcs11-global.c:613:C_GetSlotInfo: C_GetSlotInfo() flags 0x20
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11]
>> pkcs11-global.c:614:C_GetSlotInfo: C_GetSlotInfo(0x0) = CKR_DEVICE_ERROR
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11]
>> pkcs11-global.c:365:C_Finalize: C_Finalize()
>>
>> I've tried reinserting the card but no dice. As I mentioned, the old
>> card was working fine and the new one works on Windows. It would be
>> quite a coincidence if the card reader died at the same time I got a
>> new card(?).
>>
>> Please LMK if you need more.
>>
>> Thanks again!
>>
>> ~ray
>>
>>
>>>
>>>
>>> On 3/25/2020 6:53 PM, Ray Lambert wrote:
>>>> Hi,
>>>>
>>>> I'm trying to get a new PIV card to work and hoping someone can help.
>>>>
>>>> The old card was working perfectly for some time with openconnect
>>>> vpn, pcsc, and p11-kit on Manjaro (fully updated).
>>>>
>>>> The new card is recognized and the ATR is accessible but the card
>>>> is not otherwise visible (no tokens).
>>>>
>>>> I recently installed opensc to try to get it work but the results
>>>> are the same. I was advised (on the OC mailing list) that a
>>>> different pkcs#11 driver may be needed.
>>>>
>>>> The card type (according to ActivClient on Windows) is "ID-One
>>>> Cosmo v8.0 128K with PIV 2.3.5" (Oberthur).
>>>>
>>>> opensc results are:
>>>>
>>>> ####
>>>>
>>>> $ opensc-tool -l
>>>> # Detected readers (pcsc)
>>>> Nr. Card Features Name
>>>> 0 Yes Broadcom Corp 5880 [Contacted SmartCard]
>>>> (0123456789ABCD) 00 00
>>>>
>>>> $ opensc-tool -a
>>>>
>>>> Using reader with a card: Broadcom Corp 5880 [Contacted SmartCard]
>>>> (0123456789ABCD) 00 00
>>>> 3b:d6:97:00:81:b1:fe:45:1f:07:80:31:c1:52:11:18:f9
>>>>
>>>> $ opensc-tool -n
>>>> Using reader with a card: Broadcom Corp 5880 [Contacted SmartCard]
>>>> (0123456789ABCD) 00 00
>>>> Failed to connect to card: Unresponsive card (correctly inserted?)
>>>>
>>>> ####
>>>>
>>>> pcsc_scan returns the same ATR (different format) and identifies it
>>>> (via smartcard_list.txt) as: "NASA Personal Identity Verification
>>>> (PIV) card (eID)". (Note: this is a USG-issued card but not from
>>>> NASA.)
>>>>
>>>> I would greatly appreciate any insight or advice anyone can offer!
>>>>
>>>> Thanks,
>>>>
>>>> ~ray
>>>
>>
>>
>> .
>
_______________________________________________
Opensc-devel mailing list
Opensc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic