'Re: [Opensc-devel] help with piv card'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensc-devel
Subject:    Re: [Opensc-devel] help with piv card
From:       Ray Lambert <codemonkey () interthingy ! net>
Date:       2020-03-27 23:29:21
Message-ID: 93b72f9c-bbc9-0b4b-4bbd-a4b3a23c9bf9 () interthingy ! net
[Download RAW message or body]

Hi again,

Just a quick final follow-up.  I did try cleaning the card & reader, as 
you suggested, but it didn't help.  I eventually got around to checking 
the system log (again) and this time I noticed errors from pcsc 
indicating a HW problem.  If I restart pcsc with no card present it 
reports HW errors talking to the reader and concludes that it cannot 
register the reader.  If I restart with the card present I see a lot 
card read errors (which tend to bury the HW messages).  I'm guessing 
this is how I missed those messages earlier, since I almost always leave 
the card in.

So, bottom line, it appears that the reader has in fact failed (although 
I still don't like the coincidence).  I have ordered a new usb reader 
from amazon and hopefully that will solve the problem.

Thanks again for everyone's help!

~ray

On 3/26/20 6:03 PM, Douglas E Engert wrote:
> Sounds like a physical contact problem between the reader and card. 
> Have you
> tried cleaning the contacts. a pencil eraser can be used.
>
> You say the reader worked for years. Look at the contacts, dirty or bent?
> You said: "and the new one works on Windows." I assume with a 
> different reader?
>
> Could also be power issue with new card needing more power then the 
> old one.
>
> Could be new card is a little out of spec, and does not make good contact
> with old reader.
>
> Google for: how to clean smart card reader
>
> I would try another reader on the same machine too.
>
>
>
>
> On 3/26/2020 4:04 PM, Ray Lambert wrote:
>> On 3/26/20 8:05 AM, Douglas E Engert wrote:
>>> What does `OPENSC_DEBUG=3 pkcs11-tool -O`
>>>
>>> Note PIV driver caches and parses the certificates early in the process
>>> and would show if the card is dead, or if certificates can not be 
>>> parsed.
>>>
>> Hi Douglas,
>>
>> Thanks for the response.  Not sure if I should post the whole output 
>> to this list (it's ~20k, 147 lines)?
>>
>> pcsc functions appear to be returning "-1113 (Unresponsive card 
>> (correctly inserted?))" consistently and the final error appears to 
>> be "CKR_DEVICE_ERROR (0x30)":
>>
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] 
>> pkcs11-global.c:596:C_GetSlotInfo: C_GetSlotInfo() card detect rv 0x30
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] 
>> pkcs11-global.c:613:C_GetSlotInfo: C_GetSlotInfo() flags 0x20
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] 
>> pkcs11-global.c:614:C_GetSlotInfo: C_GetSlotInfo(0x0) = CKR_DEVICE_ERROR
>> P:31787; T:0x140133000816448 16:53:07.536 [opensc-pkcs11] 
>> pkcs11-global.c:365:C_Finalize: C_Finalize()
>>
>> I've tried reinserting the card but no dice.  As I mentioned, the old 
>> card was working fine and the new one works on Windows. It would be 
>> quite a coincidence if the card reader died at the same time I got a 
>> new card(?).
>>
>> Please LMK if you need more.
>>
>> Thanks again!
>>
>> ~ray
>>
>>
>>>
>>>
>>> On 3/25/2020 6:53 PM, Ray Lambert wrote:
>>>> Hi,
>>>>
>>>> I'm trying to get a new PIV card to work and hoping someone can help.
>>>>
>>>> The old card was working perfectly for some time with openconnect 
>>>> vpn, pcsc, and p11-kit on Manjaro (fully updated).
>>>>
>>>> The new card is recognized and the ATR is accessible but the card 
>>>> is not otherwise visible (no tokens).
>>>>
>>>> I recently installed opensc to try to get it work but the results 
>>>> are the same.  I was advised (on the OC mailing list) that a 
>>>> different pkcs#11 driver may be needed.
>>>>
>>>> The card type (according to ActivClient on Windows) is "ID-One 
>>>> Cosmo v8.0 128K with PIV 2.3.5" (Oberthur).
>>>>
>>>> opensc results are:
>>>>
>>>> ####
>>>>
>>>> $ opensc-tool -l
>>>> # Detected readers (pcsc)
>>>> Nr.  Card  Features  Name
>>>> 0    Yes             Broadcom Corp 5880 [Contacted SmartCard] 
>>>> (0123456789ABCD) 00 00
>>>>
>>>> $ opensc-tool -a
>>>>
>>>> Using reader with a card: Broadcom Corp 5880 [Contacted SmartCard] 
>>>> (0123456789ABCD) 00 00
>>>> 3b:d6:97:00:81:b1:fe:45:1f:07:80:31:c1:52:11:18:f9
>>>>
>>>> $ opensc-tool -n
>>>> Using reader with a card: Broadcom Corp 5880 [Contacted SmartCard] 
>>>> (0123456789ABCD) 00 00
>>>> Failed to connect to card: Unresponsive card (correctly inserted?)
>>>>
>>>> ####
>>>>
>>>> pcsc_scan returns the same ATR (different format) and identifies it 
>>>> (via smartcard_list.txt) as: "NASA Personal Identity Verification 
>>>> (PIV) card (eID)".  (Note: this is a USG-issued card but not from 
>>>> NASA.)
>>>>
>>>> I would greatly appreciate any insight or advice anyone can offer!
>>>>
>>>> Thanks,
>>>>
>>>> ~ray
>>>
>>
>>
>> .
>


_______________________________________________
Opensc-devel mailing list
Opensc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensc-devel

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic