[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] openvpn PKCS#11 problem in Windows XP


  • Subject: [Openvpn-users] openvpn PKCS#11 problem in Windows XP
  • From: "Mister T" <internetthierry@xxxxxxxxx>
  • Date: Mon, 7 May 2007 16:30:28 +0200

Dear,
In linux my Starcos smartcard is working fine. I was able to put the required keys and
certificates on it with pkcs15-init. Using it to authenticate and setup a openvpn
tunnel also works fine.

In Windows XP though, the smartcard is listed by the opensc-tool and also accessible via
"opensc-explorer -r 1" but openvpn seems having problem with the PIN or the card.

Can you advice me what to do to get openvpn working in Windows XP.

Thanks,
Thierry

hereunder the output of some commands:

c:\Program Files\Smart card bundle>opensc-tool -l
0 pcsc O2Micro PCMCIA Reader 0
1 pcsc OMNIKEY Cardman 6121 0

C:\Program Files\Smart card bundle>opensc-tool -nv -r 1
Connecting to card in reader OMNIKEY CardMan 6121 0...
Using card driver STARCOS SPK 2.3.
Card name: STARCOS SPK 2.3

C:\Program Files\Smart card bundle>openvpn --show-pkcs11-slots "C:\\Program Files\\Smart card bundle\\opensc- pkcs11.dll"
unable to enumerate apps: Wrong length
pkcs15.c:711:sc_pkcs15_bind: returning with: Unsupported card
Provider Information:
cryptokiVersion: 2.11
manufacturerID: OpenSC Project ( www.opensc-proje
flags: 0

The following slots are available for use with this provider.
Each slot shown below may be used as a parameter to a
--pkcs11-slot-type and --pkcs11-slot options.

Slots: (id - name)
0 - O2Micro PCMCIA Reader 0
1 - O2Micro PCMCIA Reader 0
2 - O2Micro PCMCIA Reader 0
3 - O2Micro PCMCIA Reader 0
4 - OMNIKEY CardMan 6121 0
5 - OMNIKEY CardMan 6121 0
6 - OMNIKEY CardMan 6121 0
7 - OMNIKEY CardMan 6121 0


C:\Program Files\Smart card bundle>openvpn --show-pkcs11-objects "C:\\Program Files\\Smart card bundle\\opensc- pkcs11.dll" 4
PIN:
unable to enumerate apps: Wrong length
pkcs15.c:711:sc_pkcs15_bind: returning with: Unsupported card
Token Information:
label:
manufacturerID:
model:
serialNumber:
flags: 00000000

You can access this token using

--pkcs11-slot-type "label" --pkcs11-slot "" options.

PKCS#11: Cannot login to token on slot 4 258-'CKR_USER_PIN_NOT_INITIALIZED'
The following objects are available for use with this token.


Each object shown below may be used as a parameter to
--pkcs11-id-type and --pkcs11-id options.



C:\Program Files\Smart card bundle>opensc-explorer -r 1
OpenSC Explorer version 0.11.1
OpenSC [3F00]> info

Dedicated File ID 3F00
File path: 3F00
File size: 0 bytes
ACL for SELECT: N/A
ACL for LOCK: N/A
ACL for DELETE: N/A
ACL for CREATE: N/A
ACL for REHABILITATE: N/A
ACL for INVALIDATE: N/A
ACL for LIST FILES: N/A

OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> cat 4401
00000000: 30 40 30 1A 0C 14 53 65 63 75 72 69 74 79 20 4F 0 <at> 0...Security O
00000010: 66 66 69 63 65 72 20 50 49 4E 03 02 06 C0 30 03 fficer PIN....0.
00000020: 04 01 FF A1 1D 30 1B 03 02 00 0D 0A 01 01 02 01 .....0..........
00000030: 06 02 01 08 80 01 01 04 01 00 30 06 04 04 3F 00 ..........0...?.
00000040: 50 15 30 3B 30 15 0C 0F 50 49 4E 20 5B 42 61 73 P.0;0...PIN [Bas
00000050: 69 63 20 50 49 4E 5D 03 02 06 C0 30 03 04 01 01 ic PIN]....0....
00000060: A1 1D 30 1B 03 02 02 4C 0A 01 01 02 01 04 02 01 ..0....L........
00000070: 08 80 01 83 04 01 00 30 06 04 04 3F 00 50 15 00 .......0...?.P..
00000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
OpenSC [3F00/5015]> q