After installing opencryptoki 3.20.0 on Ubuntu 23.04 the strength.conf file that is installed into /etc/opencryptoki/ has a wrong mode.
After starting pkcsslotrd, command 'pkcsconf -t' shows
pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR)
and the syslog shows:
usr/lib/api/policy.c POLICY: Configuration file /etc/opencryptoki/strength.conf has wrong permissions!
# ls -l /etc/opencryptoki/strength.conf
-rw-r--r-- 1 root pkcs11 866 Feb 13 09:10 /etc/opencryptoki/strength.conf
So it has a mode of 644, but it must have a mode of 640 ! This is checked by the code, and opencryptoki is not usable if the mode is wrong. The owner "root:pkcs11" is correct.
Circumvention: manually change the mode to 0640. After that 'pkcsconf -t' works.
Note: This affects all architectures where opencryptoki is supported.
After installing opencryptoki 3.20.0 on Ubuntu 23.04 the strength.conf file that is installed into /etc/opencryptoki/ has a wrong mode.
After starting pkcsslotrd, command 'pkcsconf -t' shows lib/api/ policy. c POLICY: Configuration file /etc/opencrypto ki/strength. conf has wrong permissions!
pkcsconf: Error initializing the PKCS11 library: 0x5 (CKR_GENERAL_ERROR)
and the syslog shows:
usr/
# ls -l /etc/opencrypto ki/strength. conf ki/strength. conf
-rw-r--r-- 1 root pkcs11 866 Feb 13 09:10 /etc/opencrypto
So it has a mode of 644, but it must have a mode of 640 ! This is checked by the code, and opencryptoki is not usable if the mode is wrong. The owner "root:pkcs11" is correct.
Circumvention: manually change the mode to 0640. After that 'pkcsconf -t' works.
Note: This affects all architectures where opencryptoki is supported.