You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Furthermore, errors occur also when running pkcs15-tool (potentially sensitive details removed):
$ pkcs15-tool -D
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
PKCS#15 Card [PIV_II]:
Version : 0
Serial number : ...
Manufacturer ID: piv_II
Flags :
PIN [PIN]
Object Flags : [0x01], private
Auth ID : ...
PIN [PIV PUK]
Object Flags : [0x01], private
ID : ...
Data object 'Card Capability Container'
applicationName: Card Capability Container
applicationOID: ...
Data object 'Card Holder Unique Identifier'
applicationName: Card Holder Unique Identifier
applicationOID: ...
Data object 'Unsigned Card Holder Unique Identifier'
applicationName: Unsigned Card Holder Unique Identifier
applicationOID: ...
Data object read failed: File not found
Data object 'X.509 Certificate for PIV Authentication'
applicationName: X.509 Certificate for PIV Authentication
applicationOID: ...
Data object read failed: File not found
Data object 'Cardholder Fingerprints'
applicationName: Cardholder Fingerprints
applicationOID: ...
Data object 'Printed Information'
applicationName: Printed Information
applicationOID: ...
Data object 'Cardholder Facial Image'
applicationName: Cardholder Facial Image
applicationOID: ...
Data object 'X.509 Certificate for Digital Signature'
applicationName: X.509 Certificate for Digital Signature
applicationOID: ...
Data object read failed: File not found
Data object 'X.509 Certificate for Key Management'
applicationName: X.509 Certificate for Key Management
applicationOID: ...
Data object read failed: File not found
Data object 'X.509 Certificate for Card Authentication'
applicationName: X.509 Certificate for Card Authentication
applicationOID: ...
Data object read failed: File not found
Data object 'Security Object'
applicationName: Security Object
applicationOID: ...
Data object read failed: File not found
Data object 'Discovery Object'
applicationName: Discovery Object
applicationOID: ...
Data object 'Key History Object'
applicationName: Key History Object
applicationOID: ...
Data object 'Cardholder Iris Image'
applicationName: Cardholder Iris Image
applicationOID: ...
Data object read failed: File not found
System is Debian Linux 5.10.0 (amd64).
This issue is fixed, when downgrading the firmware to v1.6.0 on the same token.
Interestingly, this issue does not occur on another token, on which pkcs15 was set-up first and
the token was updated afterwards to v1.6.0-test.20231218.
The text was updated successfully, but these errors were encountered:
I think the main problem is that v1.6.0 provides one CCID application, OpenPGP. v1.6.0-test.20231218 provides two CCID applications, OpenPGP and PIV. opensc-tool has the --card-driver option to select one:
$ opensc-tool --card-driver openpgp --name
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
OpenPGP card v3.4 (000F E5A62768)
$ opensc-tool --card-driver PIV-II --name
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Personal Identity Verification Card
Unfortunately, pkcs15-tool and pkcs15-init don’t have this flag. You can also see in the output of pkcs15-tool --list-info that it prefers the PIV driver over the OpenPGP driver:
$ pkcs15-tool --list-info
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
PKCS#15 Card [PIV_II]:
Version : 0
Serial number : e5a627684295055fb30e52d7143d76b6
Manufacturer ID: piv_II
Flags :
You can fix this by setting the OPENSC_DRIVER environment variable to openpgp:
$ OPENSC_DRIVER=openpgp pkcs15-tool --list-info
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
PKCS#15 Card [OpenPGP card]:
Version : 0
Serial number : 000fe5a62768
Manufacturer ID: OpenPGP project
Language :
Flags : PRN generation, EID compliant
Does that work for you? For me, pkcs15-init --erase-card works neither with v1.6.0 nor v1.6.0-test.20231218.
Hi,
I ran into problems when trying to initialize the Nitrokey 3 smartcard function
when it's running v1.6.0-test.20231218.
Steps to reproduce:
Error:
$ pkcs15-init --erase-card Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00 Couldn't bind to the card: Not supported
Debug log:
Furthermore, errors occur also when running
pkcs15-tool
(potentially sensitive details removed):System is Debian Linux 5.10.0 (amd64).
This issue is fixed, when downgrading the firmware to v1.6.0 on the same token.
Interestingly, this issue does not occur on another token, on which pkcs15 was set-up first and
the token was updated afterwards to v1.6.0-test.20231218.
The text was updated successfully, but these errors were encountered: