[pkg-opensc-maint] Bug#826165: opensc-pkcs11: Signing fails with: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)

E debian at x3nsic.net
Thu Jun 2 21:07:54 UTC 2016 

Package: opensc-pkcs11
Version: 0.16.0~rc2-1
Severity: important

Dear Maintainer,

I use an OmniKey CardMan 6121 with Firefox to access my bank's website. 

This used to work last time I checked (around May 20). However, Firefox now returns the following error message:


A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an
unrecoverable error has occurred. Error code:
SEC_ERROR_PKCS11_GENERAL_ERROR


The following blog post describes exactly the issue I am having, although it pertains to an older version of opensc-pkcs11:

https://www.tablix.org/~avian/blog/archives/2013/10/opensc_on_wheezy/

Testing with pkcs11-tool as described in the blog post above yields this:


$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -t -l
Using slot 0 with a present token (0x0)
Logging in to "[...]".
Please enter User PIN: 
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 ([...]) 
error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)

Aborting.


The opensc-pkcs11.so file was last updated on May 28 (I apt-get upgrade daily):


-rw-r--r-- 1 root root 207888 May 28 06:24 /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so


Please let me know if I can provide any additional information or help in any way. 


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opensc-pkcs11 depends on:
ii  libc6        2.22-10
ii  libssl1.0.2  1.0.2h-1
ii  zlib1g       1:1.2.8.dfsg-2+b1

opensc-pkcs11 recommends no packages.

opensc-pkcs11 suggests no packages.

-- no debconf information

P.S. Thank you for all you do!

More information about the pkg-opensc-maint mailing list