safenet eToken 5100 pkcs11 bug(?)
Martin Meduna
cybermedi at yahoo.com
Wed Jan 29 01:02:48 EST 2014
Guys, I am not able to get it run. I can not say where is the problem but it seams that the openssh client is not able to get list of rsa key from token. See two logs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O"
In the second log there is private_key visible or offered in the first one is not.
I use openssh 6.4 version on Linux or Mac.
Log from ssh -I
0: C_GetFunctionList
2014-01-28 03:26:42.350
Returned: 0 CKR_OK
1: C_Initialize
2014-01-28 03:26:42.351
[in] pInitArgs = (nil)
Returned: 0 CKR_OK
2: C_GetInfo
2014-01-28 03:26:42.352
[out] pInfo:
cryptokiVersion: 2.20
manufacturerID: 'SafeNet, Inc. '
flags: 0
libraryDescription: 'SafeNet eToken PKCS#11 '
libraryVersion: 8.3
Returned: 0 CKR_OK
3: C_GetSlotList
2014-01-28 03:26:42.352
[in] tokenPresent = 0x1
[out] pSlotList:
Count is 1
[out] *pulCount = 0x1
Returned: 0 CKR_OK
4: C_GetSlotList
2014-01-28 03:26:42.352
[in] tokenPresent = 0x1
[out] pSlotList:
Slot 0
[out] *pulCount = 0x1
Returned: 0 CKR_OK
5: C_GetTokenInfo
2014-01-28 03:26:42.352
[in] slotID = 0x0
[out] pInfo:
label: 'mToken2 '
manufacturerID: 'SafeNet, Inc. '
model: 'eToken '
serialNumber: '01db04cc '
ulMaxSessionCount: 0
ulSessionCount: 0
ulMaxRwSessionCount: 0
ulRwSessionCount: 0
ulMaxPinLen: 0
ulMinPinLen: 0
ulTotalPublicMemory: 73728
ulFreePublicMemory: 54312
ulTotalPrivateMemory: 73728
ulFreePrivateMemory: 54312
hardwareVersion: 8.0
firmwareVersion: 1.0
time: ' '
flags: 601
CKF_RNG
CKF_DUAL_CRYPTO_OPERATIONS
CKF_TOKEN_INITIALIZED
Returned: 0 CKR_OK
6: C_OpenSession
2014-01-28 03:26:42.353
[in] slotID = 0x0
[in] flags = 0x6
pApplication=(nil)
Notify=(nil)
[out] *phSession = 0x3c60002
Returned: 0 CKR_OK
7: C_FindObjectsInit
2014-01-28 03:26:42.353
[in] hSession = 0x3c60002
[in] pTemplate[1]:
CKA_CLASS CKO_PUBLIC_KEY
Returned: 0 CKR_OK
8: C_FindObjects
2014-01-28 03:26:42.353
[in] hSession = 0x3c60002
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x8690003 matches
Returned: 0 CKR_OK
9: C_GetAttributeValue
2014-01-28 03:26:42.353
[in] hSession = 0x3c60002
[in] hObject = 0x8690003
[in] pTemplate[3]:
CKA_ID 0000000000000000 / 0
CKA_MODULUS 0000000000000000 / 0
CKA_PUBLIC_EXPONENT 0000000000000000 / 0
[out] pTemplate[3]:
CKA_ID 0000000000000000 / 0
CKA_MODULUS 0000000000000000 / 256
CKA_PUBLIC_EXPONENT 0000000000000000 / 3
Returned: 0 CKR_OK
10: C_FindObjects
2014-01-28 03:26:42.354
[in] hSession = 0x3c60002
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x0
Returned: 0 CKR_OK
11: C_FindObjectsFinal
2014-01-28 03:26:42.354
[in] hSession = 0x3c60002
Returned: 0 CKR_OK
12: C_Finalize
2014-01-28 03:26:42.354
Returned: 0 CKR_OK
Log from pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/pkcs11-spy.so -
*************** OpenSC PKCS#11 spy *****************
Loaded: "/usr/lib/libeTPkcs11.so"
0: C_GetFunctionList
2014-01-28 04:00:43.576
Returned: 0 CKR_OK
1: C_Initialize
2014-01-28 04:00:43.576
[in] pInitArgs = (nil)
Returned: 0 CKR_OK
2: C_GetSlotList
2014-01-28 04:00:43.577
[in] tokenPresent = 0x0
[out] pSlotList:
Count is 6
[out] *pulCount = 0x6
Returned: 0 CKR_OK
3: C_GetSlotList
2014-01-28 04:00:43.577
[in] tokenPresent = 0x0
[out] pSlotList:
Slot 0
Slot 1
Slot 2
Slot 3
Slot 4
Slot 5
[out] *pulCount = 0x6
Returned: 0 CKR_OK
4: C_GetSlotInfo
2014-01-28 04:00:43.577
[in] slotID = 0x0
[out] pInfo:
slotDescription: 'AKS ifdh [Main Interface] 00 00 '
' '
manufacturerID: 'SafeNet, Inc. '
hardwareVersion: 1.0
firmwareVersion: 0.0
flags: 7
CKF_TOKEN_PRESENT
CKF_REMOVABLE_DEVICE
CKF_HW_SLOT
Returned: 0 CKR_OK
5: C_OpenSession
2014-01-28 04:00:43.578
[in] slotID = 0x0
[in] flags = 0x4
pApplication=(nil)
Notify=(nil)
[out] *phSession = 0x5670001
Returned: 0 CKR_OK
6: C_FindObjectsInit
2014-01-28 04:00:43.578
[in] hSession = 0x5670001
[in] pTemplate[0]:
Returned: 0 CKR_OK
7: C_FindObjects
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x3c60002 matches
Returned: 0 CKR_OK
8: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_CLASS 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_CLASS CKO_PRIVATE_KEY
Returned: 0 CKR_OK
9: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_KEY_TYPE 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_KEY_TYPE CKK_RSA
Returned: 0 CKR_OK
10: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_CLASS 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_CLASS CKO_PRIVATE_KEY
Returned: 0 CKR_OK
11: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_LABEL 0000000000000000 / 0
[out] pTemplate[1]:
CKA_LABEL 0000000000000000 / 0
Returned: 0 CKR_OK
12: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_LABEL 0000000000bb14b0 / 0
[out] pTemplate[1]:
CKA_LABEL 0000000000bb14b0 / 0
Returned: 0 CKR_OK
13: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_ID 0000000000000000 / 0
[out] pTemplate[1]:
CKA_ID 0000000000000000 / 0
Returned: 0 CKR_OK
14: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_ID 0000000000bb14b0 / 0
[out] pTemplate[1]:
CKA_ID 0000000000bb14b0 / 0
Returned: 0 CKR_OK
15: C_GetAttributeValue
2014-01-28 04:00:43.579
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_DECRYPT 00007fff3bd35a5f / 1
[out] pTemplate[1]:
CKA_DECRYPT True
Returned: 0 CKR_OK
16: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_SIGN 00007fff3bd35a5f / 1
[out] pTemplate[1]:
CKA_SIGN True
Returned: 0 CKR_OK
17: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_? (0x80000001) 00007fff3bd35ab7 / 1
[out] pTemplate[1]:
CKA_? (0x80000001) 00007fff3bd35ab7 / 8
Returned: 0 CKR_OK
18: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_UNWRAP 00007fff3bd35a5f / 1
[out] pTemplate[1]:
CKA_UNWRAP True
Returned: 0 CKR_OK
19: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_DERIVE 00007fff3bd35ab7 / 1
[out] pTemplate[1]:
CKA_DERIVE False
Returned: 0 CKR_OK
20: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x3c60002
[in] pTemplate[1]:
CKA_ALWAYS_AUTHENTICATE 00007fff3bd35a5f / 1
[out] pTemplate[1]:
CKA_ALWAYS_AUTHENTICATE False
Returned: 0 CKR_OK
21: C_FindObjects
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x8690003 matches
Returned: 0 CKR_OK
22: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_CLASS 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_CLASS CKO_PUBLIC_KEY
Returned: 0 CKR_OK
23: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_KEY_TYPE 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_KEY_TYPE CKK_RSA
Returned: 0 CKR_OK
24: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_CLASS 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_CLASS CKO_PUBLIC_KEY
Returned: 0 CKR_OK
25: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_MODULUS_BITS 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_MODULUS_BITS 00007fff3bd35a58 / 8
00000000 00 08 00 00 00 00 00 00 ........
Returned: 0 CKR_OK
26: C_GetAttributeValue
2014-01-28 04:00:43.580
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_LABEL 0000000000000000 / 0
[out] pTemplate[1]:
CKA_LABEL 0000000000000000 / 0
Returned: 0 CKR_OK
27: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_LABEL 0000000000bb14d0 / 0
[out] pTemplate[1]:
CKA_LABEL 0000000000bb14d0 / 0
Returned: 0 CKR_OK
28: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_ID 0000000000000000 / 0
[out] pTemplate[1]:
CKA_ID 0000000000000000 / 0
Returned: 0 CKR_OK
29: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_ID 0000000000bb14d0 / 0
[out] pTemplate[1]:
CKA_ID 0000000000bb14d0 / 0
Returned: 0 CKR_OK
30: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_ENCRYPT 00007fff3bd35ab7 / 1
[out] pTemplate[1]:
CKA_ENCRYPT True
Returned: 0 CKR_OK
31: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_VERIFY 00007fff3bd35ab7 / 1
[out] pTemplate[1]:
CKA_VERIFY True
Returned: 0 CKR_OK
32: C_GetAttributeValue
2014-01-28 04:00:43.581
[in] hSession = 0x5670001
[in] hObject = 0x8690003
[in] pTemplate[1]:
CKA_WRAP 00007fff3bd35ab7 / 1
[out] pTemplate[1]:
CKA_WRAP True
Returned: 0 CKR_OK
33: C_FindObjects
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x8730004 matches
Returned: 0 CKR_OK
34: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]:
CKA_CLASS 00007fff3bd35a58 / 8
[out] pTemplate[1]:
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
35: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]:
CKA_CERTIFICATE_TYPE 00007fff3bd35ab8 / 8
[out] pTemplate[1]:
CKA_CERTIFICATE_TYPE CKC_X_509
Returned: 0 CKR_OK
36: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]:
CKA_LABEL 0000000000000000 / 0
[out] pTemplate[1]:
CKA_LABEL 0000000000000000 / 0
Returned: 0 CKR_OK
37: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]:
CKA_LABEL 0000000000bb14f0 / 0
[out] pTemplate[1]:
CKA_LABEL 0000000000bb14f0 / 0
Returned: 0 CKR_OK
38: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]:
CKA_ID 0000000000000000 / 0
[out] pTemplate[1]:
CKA_ID 0000000000000000 / 0
Returned: 0 CKR_OK
39: C_GetAttributeValue
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] hObject = 0x8730004
[in] pTemplate[1]:
CKA_ID 0000000000bb14f0 / 0
[out] pTemplate[1]:
CKA_ID 0000000000bb14f0 / 0
Returned: 0 CKR_OK
40: C_FindObjects
2014-01-28 04:00:43.582
[in] hSession = 0x5670001
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x0
Returned: 0 CKR_OK
41: C_FindObjectsFinal
2014-01-28 04:00:43.583
[in] hSession = 0x5670001
Returned: 0 CKR_OK
42: C_CloseSession
2014-01-28 04:00:43.583
[in] hSession = 0x5670001
Returned: 0 CKR_OK
43: C_Finalize
2014-01-28 04:00:43.583
Returned: 0 CKR_OK
log from ssh
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.1.1.1 [192.1.1.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 8.3
debug1: label <mToken2> manufacturerID <SafeNet, Inc.> model <eToken> serial <01db04cc> flags 0x601
no keys
More information about the openssh-unix-dev
mailing list