[Pki-users] PIV-II middleware bug in coolkey

Nordgren, Bryce L -FS bnordgren at fs.fed.us
Sat May 16 20:34:25 UTC 2015


Continuation of thread started in: https://www.redhat.com/archives/pki-users/2015-April/msg00041.html

Synopsis: coolkey misinterprets my USDA LincPass (issued by a GSA Credentialing Center) as a CAC, then fails. It's a PIV-II, according to OpenSC, which doesn't fail.

Using the OpenSC module with pam-pkcs11, I was able to get pklogin_finder to validate my certificates and associate my card to a user account via cn mapper. Using the coolkey module, errors ensued and logs are attached to the above thread.

The question is: how do I/should I report this bug? Coolkey looks dead. No svn commits for 4 years. Last mailing list traffic on coolkey-devel was 2012. Is there anyone on the project?

In the interim, I was also able to locate a standard deck of test cards [1], both for 30 day loan and for purchase @ $1900. The test deck contains two "golden" cards and 22 cards with known problems that the software should catch. It does not appear I can request an "extra" card from USDA for testing. If there's anyone left to update coolkey, do you think the 30 day loan (potentially with an extension) is enough time to debug the software, or at the very least get a start on it?

If the $1900 deck is necessary to add this functionality, it may be possible to donate or semi-permanently loan a set to the open source project. But I'd definitely need to understand what the coolkey project's release and testing plan is and who would hold the physical assets.

Thanks,
Bryce

[1] http://www.idmanagement.gov/ficam-testing-program
