[Pki-users] [Non-DoD Source] Re: Fedora 22 - ESC Error

Christina Fu cfu at redhat.com
Fri Jan 29 18:46:25 UTC 2016 

Hi Neill,
I'm not sure what could have gone wrong.  And again, I'm really not an 
expert in this area.  Our smart card guy has been out sick.
And apparently I'm not doing a good job playing him ;-).

Could you provide your esc version?
Our latest f22 esc is here: 
http://koji.fedoraproject.org/koji/buildinfo?buildID=672713

One thing you could try is to see if esc is even trying to read the card 
(debugging I learned from our guy).
You can rerun the pcscd like the following:

export COOL_KEY_LOG_FILE=/tmp/coolkey.debug  (this can be anything 
value, I don't think it actually writes to it)
killall pcscd
/usr/sbin/pcscd -f -d -a
(this will produce a lot of debugging on terminal)

restart esc on another terminal (*make sure you put in the phone home 
url; sometimes that pops up behind the ESC*) and observe if the debug 
terminal indicates any recognition of card read.

For example, on my system, when I remove my card, i can see
EHStatusHandlerThread() Card Removed From OMNIKEY AG CardMan 3121 00 00
when I reinsert it, I see
EHStatusHandlerThread() Card inserted into OMNIKEY AG CardMan 3121 00 00

Let us know how it goes.
Christina

On 01/27/2016 09:55 AM, Thornton, Neill R. CIV wrote:
> Christina,
>
> Thanks... I went into Info.plist and changed the ifdDriverOptions to each of the following:
>
> - 0x0010
> - 0x0020
> - 0x0001
> - 0x0002
>
> Restarting escd and pcsc each time.  After each change I verified that pcsc_scan was still showing the card inserted, no issues there.  Just won't show up in the ESC.
>
> Thanks again,
>
> Neill
>
> -----Original Message-----
> From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Christina Fu
> Sent: Wednesday, January 27, 2016 9:45 AM
> To: pki-users at redhat.com
> Subject: [Non-DoD Source] Re: [Pki-users] Fedora 22 - ESC Error
>
> oops, some correction...
>
> On 01/27/2016 09:40 AM, Christina Fu wrote:
>> Hi Neil,
> I meant Neill...sorry
>> I am no expert, but I do know for different cards you need to diddle
>> with the ifdDriverOptions value in
>> /usr/lib64/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist
>>
>> By default, I think it's
>> <string>0x0000</string>
>>
>> My guess is that you could change it to <string>0x0010</string>
>> restart the escd
> actually, restart pcscd too.
>> if that doesn't work,
>> change it to
>> <string>0x0020</string>
>> etc.
>>
>> Hope this helps, and please let us know how it works out for you
>> (which value it works for the card).
>>
>> Christina
>>
>> On 01/26/2016 05:49 PM, Thornton, Neill R. CIV wrote:
>>> All,
>>>
>>> I am hoping someone can help me out with a green field Dogtag
>>> install.  We have installed all of the correct subsystems, and wanted
>>> to try and provision a hardware smart card.  We are using Axalto
>>> Cyberflex 64k cards for testing.  This is on Fedora 22, both the
>>> Dogtag server and the enrollment workstation have been updated using
>>> dnf to the latest packages.
>>>
>>> pcsc_scan on the enrollment station reports the following:
>>>
>>> PC/SC device scanner
>>> V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau at free.fr>
>>> Compiled with PC/SC lite version: 1.8.13 Using reader plug'n play
>>> mechanism Scanning present readers...
>>> 0: SCM Microsystems Inc. SCR 355 [CCID Interface] 00 00
>>>
>>> Tue Jan 26 17:42:20 2016
>>> Reader 0: SCM Microsystems Inc. SCR 355 [CCID Interface] 00 00
>>>     Card state: Card inserted, Shared Mode,
>>>     ATR: 3B 95 95 40 FF AE 01 03 00 00
>>>
>>> defined(@array) is deprecated at
>>> /usr/lib64/perl5/vendor_perl/Chipcard/PCSC.pm
>>> l                                  ine 69.
>>>           (Maybe you should just omit the defined()?)
>>> ATR: 3B 95 95 40 FF AE 01 03 00 00
>>> + TS = 3B --> Direct Convention
>>> + T0 = 95, Y(1): 1001, K: 5 (historical bytes)
>>>     TA(1) = 95 --> Fi=512, Di=16, 32 cycles/ETU
>>>       125000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 156250 bits/s
>>>     TD(1) = 40 --> Y(i+1) = 0100, Protocol T = 0
>>> -----
>>>     TC(2) = FF --> Work waiting time: 960 x 255 x (Fi/F)
>>> + Historical bytes: AE 01 03 00 00
>>>     Category indicator byte: AE (proprietary format)
>>>
>>> Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
>>> 3B 95 95 40 FF AE 01 03 00 00
>>>           Axalto - Cyberflex 64K
>>>           Gemalto TOP IM FIPS CY2 (product code HWP115291A)
>>>
>>> --
>>>
>>>
>>> However, when we start esc, either as root or as a user, the GUI will
>>> start and display no smart cards.  When the "Diagnostics" button is
>>> pressed, an error dialog appears saying
>>> "coolkey.GetAvailableCoolKeys() failed! Undefined(undefined)".
>>>
>>> After pressing OK, the diagnostic window displays, confirming 0 smart
>>> cards are detected.  System versions are listed as:
>>> Smart Card Manager Version: null
>>> System Versions: Mozilla/5.0 (x11; linux x86_64; rv:38.0)
>>> gecko/20100101 esc/1.1.0-24
>>>
>>> Any insight to our problem would be greatly appreciated!
>>>
>>> Thanks,
>>>
>>> Neill
>>>
>>> --
>>> Neill Thornton
>>> Chief Information Officer - Medical Treatment Facility USNS Mercy
>>> 619-235-3857 - Desk
>>> 619-206-5426 - Cell
>>> neill.thornton at mercy.navy.mil / neill.thornton at mercy.navy.smil.mil
>>>
>>>
>>> _______________________________________________
>>> Pki-users mailing list
>>> Pki-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-users
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20160129/46bc3f76/attachment.htm>

More information about the Pki-users mailing list