Coolkey does not work with ActiveKey Sim

Bug #786682 reported by Vladimir Kravets on 2011-05-22
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
coolkey (Debian)
Fix Released
Unknown
coolkey (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: coolkey

OS: Ubuntu 11.04
This is regression from ubuntu 10.10

Couldn't detect token.
See below logs:
The command pkcs11_inspect debug try to read the token we can see the green light on it but cannot read the slot1:
May 19 11:41:38 sly-sub pkcs11_inspect: Using config file /etc/pam_pkcs11/pam_pkcs11.conf
May 19 11:41:38 sly-sub pkcs11_inspect: No mappers specified in config: /etc/pam_pkcs11/pam_pkcs11.conf
May 19 11:41:38 sly-sub pkcs11_inspect: loading pkcs #11 module...
May 19 11:41:38 sly-sub pkcs11_inspect: PKCS #11 module = [/usr/lib/pkcs11/libcoolkeypk11.so]
May 19 11:41:38 sly-sub pkcs11_inspect: module permissions: uid = 0, gid = 0, mode = 644
May 19 11:41:38 sly-sub pkcs11_inspect: loading module /usr/lib/pkcs11/libcoolkeypk11.so
May 19 11:41:38 sly-sub pkcs11_inspect: getting function list
May 19 11:41:38 sly-sub pkcs11_inspect: initialising pkcs #11 module...
May 19 11:41:39 sly-sub pcscd: ccid_usb.c:657:ReadUSB() read failed (4/7): -7 Success
May 19 11:41:39 sly-sub pkcs11_inspect: module information:
May 19 11:41:39 sly-sub pkcs11_inspect: - version: 2.11
May 19 11:41:39 sly-sub pkcs11_inspect: - manufacturer: Mozilla Foundation
May 19 11:41:39 sly-sub pkcs11_inspect: - flags: 0000
May 19 11:41:39 sly-sub pkcs11_inspect: - library description: CoolKey PKCS #11 Module
May 19 11:41:39 sly-sub pkcs11_inspect: - library version: 1.0
May 19 11:41:41 sly-sub pkcs11_inspect: number of slots (a): 1
May 19 11:41:42 sly-sub pkcs11_inspect: number of slots (b): 1
May 19 11:41:42 sly-sub pkcs11_inspect: slot 1:
May 19 11:41:43 sly-sub pkcs11_inspect: - description: Activkey Sim 00 00
May 19 11:41:43 sly-sub pkcs11_inspect: - manufacturer: Unknown
May 19 11:41:43 sly-sub pkcs11_inspect: - flags: 0006
May 19 11:41:43 sly-sub pkcs11_inspect: no token available

The same ActiveKey is working well with the same configs on Ubunutu 10.10.

Vladimir Kravets (vova-kravets) wrote :

There is the familiar issue on the Fedora see:
https://bugzilla.redhat.com/show_bug.cgi?id=688837

Vladimir Kravets (vova-kravets) wrote :

Issue is found, I will upload path soon.

Some details:
Issue is appeared when CAC was implemented (coolkey-cac.patch). Some of key (include ActiveKey) can include empty certificate In this case we don't need to throw exception if this is not slot 0.

tags: added: patch
Vladimir Kravets (vova-kravets) wrote :

Any updates? Will this fix appeared in the repo?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package coolkey - 1.1.0-8.1ubuntu1

---------------
coolkey (1.1.0-8.1ubuntu1) oneiric; urgency=low

  * Apply patch from Debian BTS #632803 to resolve FTBFS
    due to hard-coded rpath in debian/rules.
  * Apply patch from Vladimir Kravets to resolve Coolkey
    not working with ActiveKey Sim. (LP: #786682)
 -- Daniel T Chen <email address hidden> Wed, 20 Jul 2011 13:18:57 -0400

Changed in coolkey (Ubuntu):
status: New → Fix Released
Daniel T Chen (crimsun) on 2011-07-20
tags: added: patch-forwarded-debian
removed: patch
Vladimir Kravets (vova-kravets) wrote :

Thanks a lot

Changed in coolkey (Debian):
status: Unknown → New
Changed in coolkey (Debian):
status: New → Fix Released
Dejan (dejan-rodiger) wrote :

Hi, Is this fixed in ubuntu 12.04? Version I have installed is Coolkey Version: 1.1.0-10ubuntu1

Hi guys

I had to renew the certificates on my ActivKey and now I can't connect to my company VPN anymore.

I'm getting the following message when running pkcs11_listcerts, which it seems it's common to other users:

root@hpgateway:/tmp# pkcs11_listcerts
DEBUG:pkcs11_listcerts.c:69: loading pkcs #11 module...
DEBUG:pkcs11_lib.c:975: PKCS #11 module = [/usr/lib/pkcs11/libcoolkeypk11.so]
DEBUG:pkcs11_lib.c:992: module permissions: uid = 0, gid = 0, mode = 644
DEBUG:pkcs11_lib.c:1001: loading module /usr/lib/pkcs11/libcoolkeypk11.so
DEBUG:pkcs11_lib.c:1009: getting function list
DEBUG:pkcs11_listcerts.c:77: initialising pkcs #11 module...
DEBUG:pkcs11_lib.c:1106: module information:
DEBUG:pkcs11_lib.c:1107: - version: 2.11
DEBUG:pkcs11_lib.c:1108: - manufacturer: Mozilla Foundation
DEBUG:pkcs11_lib.c:1109: - flags: 0000
DEBUG:pkcs11_lib.c:1110: - library description: CoolKey PKCS #11 Module
DEBUG:pkcs11_lib.c:1111: - library version: 1.0
DEBUG:pkcs11_lib.c:1118: number of slots (a): 1
DEBUG:pkcs11_lib.c:1141: number of slots (b): 1
DEBUG:pkcs11_lib.c:1037: slot 1:
DEBUG:pkcs11_lib.c:1047: - description: ActivIdentity Activkey Sim 00 00
DEBUG:pkcs11_lib.c:1048: - manufacturer: Unknown
DEBUG:pkcs11_lib.c:1049: - flags: 0006
DEBUG:pkcs11_listcerts.c:94: no token available

I upgraded to Ubuntu 12.04, same error.

Last night upgraded to 12.10, same error.

It looks to me the problem is that the certificate is not put on slot 0, from the windows Activkey tools I see it's been placed on slot 6, yet the patch of this bug claims to fix this issue, so not sure what's going on.

Putting every possible slot_num parameter value on /etc/pam_pkcs11/pam_pkcs11.conf does not work either:

# Coolkey Support
pkcs11_module coolkey {
module = /usr/lib/pkcs11/libcoolkeypk11.so;
description = "Coolkey";
slot_num = 6;
support_threads = false;
ca_dir = /etc/pam_pkcs11/cacerts;
cert_policy = ca;
}

Anyone has been able to fix this?

Regards

@rrc: Your problem is fixed by a aptch contained in this github repo: https://github.com/Vanuan/coolkey/tree/multislot_support

I have created a packlage with the fix, and put it in my PPA: https://launchpad.net/~markus-tisoft/+archive/coolkey

I can use my ActiveKey to connect to my company VPN after using the new package and selectiong the correct slot (2 in my case) in the /etc/ppp/eaptls-client file.

naisanza (naisanza) on 2015-03-30
summary: - Coolkey don't working with ActiveKey Sim
+ Coolkey does not work with ActiveKey Sim
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.