Pkcs11 No Slot With A Token Was Found

Pkcs11 No Slot With A Token Was Found 4,2/5 6643 votes

The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM), smart cards, and names the API itself 'Cryptoki' (from 'cryptographic token interface' and pronounced as 'crypto-key' - but 'PKCS #11' is often used to refer to the API as well as the standard that defines it).
The API defines most commonly used cryptographic object types (RSAX.509 keys, DES/Triple DES Certificates/keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
This container relies on a PKCS#11 a library which handles the communication with the token/card. This can be a vendor specific library or an opensource one, please select the correct one depending on the type of token/card you are using.

Cause: a token is not present in the slot. Action: Place a pkcs11 token in the slot. NZE-43011: pkcs11: Token login failed. Cause: To login to the pkcs11 token a correct passphrase is needed. NZE-43019: pkcs11: No certificate found on smart card/HSM label with given cert label.

  1. 1.1 Description of this Document. This PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40 is intended to complement PKCS11-Base, PKCS11-Curr, PKCS11-Hist and PKCS11-Prof by providing guidance on how to implement the PKCS #11 interface most effectively.
  2. I recommend reading my PKCS#11 Terminology blog before trying this. In this blog, there is a simple program that gets the information about the HSM slots using the standard PKCS#11 library functions. In the above program statements, it loads the cryptoki library DLL provided by the HSM/token vendors.

Interface Summary

The Abstract PKCS #11 smartcard interface is summarized in the following snippet:

Each interface will be covered on this wiki, accompanied with example code and response objects.

Get the PKCS #11 container object

For more information on how to configure the T1C-JS client library see Client Configuration.
To set the locations of the PCKS#11 library, pass a ModuleConfig object when initializing the client:

Then grab a reference to the pkcs11 container:

Call a function for the PKCS #11 container:

Reading data

Found

Info

This methods returns more information about the PKCS #11 library you are using.

An example response:

Slots

This methods returns the available slots on the system.

An example response:

The flags value gives more information about the slot, possible values are

ValueDescription
0Empty
1Token present
2Removable device
3Token present + removable device
4Hardware slot
5Token present + hardware slot
6Removable device + hardware slot
7Token present + removable device + hardware slot
32Unknown

Slots with tokens present

This method is similar the the slots endpoint but only returns a list of slots where a token is present.

Pkcs11 No Slot With A Token Was Found The Most

An example response:

Token

This methods returns the token information for a slot.

An example response:

Certificates

This methods allows you to retrieve the certificates from the PKCS #11 token.

An example callback:

Response:

Signing data

To successfully sign data, we need the following parameters:

  • Slot ID of the token to use
  • Certificate ID of the signing certificate
  • PIN code
  • Hashed data to sign
  • Hashing algorithm used

The slot id can be found using either a call to slots, slotsWithTokenPresent. Once the slot id is found, the certificates can be retrieved with a call to certificates. This then returns the certificate id. Now we can combine this with the PIN code and hashed data + hashing algorithm (SHA1, SHA256, SHA384, SHA512) to create the final signData call:

signData call

Returns signed data for provided input data.

An example response:

Pkcs11 No Slot With A Token Was Found The First

verifySignedData call

This call can be used to verify if the signed data is correct. The request is similar to signData, but we also pass in the signed hash:

An example response:

Pkcs11 No Slot With A Token Was Found Dead

Error Handling

Error Object

The functions specified are asynchronous and always need a callback function.
The callback function will reply with a data object in case of success, or with an error object in case of an error. An example callback:

The error object returned:

For the error codes and description, see Status codes.

Hi,

I'm trying to use an aladdin token to protect some sensitive information.
Unfortunately I'm getting the following error message

vlad@brutal ~ $ ecryptfs-manager

eCryptfs key management menu
-------------------------------
1. Add passphrase key to keyring
2. Add public key to keyring
3. Generate new public/private keypair
4. Exit

Pkcs11-tool No Slot With A Token Was Found

Make selection: 2
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
Select key type to use for newly created files:
1) tspi
2) passphrase
3) openssl
4) pkcs11-helper
Selection: 4
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
PKCS#11 Serialized ID:
Passphrase (empty for interactive):
Optional X.509 Certificate PEM file:
Error processing key generation decision graph; rc = [-5]

I can see the card from pkcs11-tool

Pkcs11 No Slot With A Token Was Found Guilty

vlad@brutal ~ $ pkcs11-tool -L
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
Available slots:
Slot 0 Aladdin eToken PRO
token label: OpenSC Card (vlad)
token manuf: OpenSC Project
token model: PKCS#15
token flags: login required, PIN initialized, token initialized
serial num : 262119072909

any idea? same token is working for ssh login

here is my versions
3.1.6-gentoo #1 SMP Tue Jan 17 10:22:02 CET 2012 i686 Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz GenuineIntel GNU/Linux
dev-libs/opensc 0.11.13-r2
sys-fs/ecryptfs-utils 95
dev-libs/pkcs11-helper 1.09

Thank you
L: