Pkcs11 No Slot With A Token Was Found
The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM), smart cards, and names the API itself 'Cryptoki' (from 'cryptographic token interface' and pronounced as 'crypto-key' - but 'PKCS #11' is often used to refer to the API as well as the standard that defines it).
The API defines most commonly used cryptographic object types (RSAX.509 keys, DES/Triple DES Certificates/keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
This container relies on a PKCS#11 a library which handles the communication with the token/card. This can be a vendor specific library or an opensource one, please select the correct one depending on the type of token/card you are using.
Cause: a token is not present in the slot. Action: Place a pkcs11 token in the slot. NZE-43011: pkcs11: Token login failed. Cause: To login to the pkcs11 token a correct passphrase is needed. NZE-43019: pkcs11: No certificate found on smart card/HSM label with given cert label.
- 1.1 Description of this Document. This PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40 is intended to complement PKCS11-Base, PKCS11-Curr, PKCS11-Hist and PKCS11-Prof by providing guidance on how to implement the PKCS #11 interface most effectively.
- I recommend reading my PKCS#11 Terminology blog before trying this. In this blog, there is a simple program that gets the information about the HSM slots using the standard PKCS#11 library functions. In the above program statements, it loads the cryptoki library DLL provided by the HSM/token vendors.
Interface Summary
The Abstract PKCS #11 smartcard interface is summarized in the following snippet:
Each interface will be covered on this wiki, accompanied with example code and response objects.
Get the PKCS #11 container object
For more information on how to configure the T1C-JS client library see Client Configuration.
To set the locations of the PCKS#11 library, pass a ModuleConfig object when initializing the client:
Then grab a reference to the pkcs11 container:
Call a function for the PKCS #11 container:
Reading data
Info
This methods returns more information about the PKCS #11 library you are using.
An example response:
Slots
This methods returns the available slots on the system.
An example response:
The flags value gives more information about the slot, possible values are
| Value | Description |
|---|---|
| 0 | Empty |
| 1 | Token present |
| 2 | Removable device |
| 3 | Token present + removable device |
| 4 | Hardware slot |
| 5 | Token present + hardware slot |
| 6 | Removable device + hardware slot |
| 7 | Token present + removable device + hardware slot |
| 32 | Unknown |
Slots with tokens present
This method is similar the the slots endpoint but only returns a list of slots where a token is present.
Pkcs11 No Slot With A Token Was Found The Most
An example response:
Token
This methods returns the token information for a slot.
An example response:
Certificates
This methods allows you to retrieve the certificates from the PKCS #11 token.
An example callback:
Response:
Signing data
To successfully sign data, we need the following parameters:
- Slot ID of the token to use
- Certificate ID of the signing certificate
- PIN code
- Hashed data to sign
- Hashing algorithm used
The slot id can be found using either a call to slots, slotsWithTokenPresent. Once the slot id is found, the certificates can be retrieved with a call to certificates. This then returns the certificate id. Now we can combine this with the PIN code and hashed data + hashing algorithm (SHA1, SHA256, SHA384, SHA512) to create the final signData call:
signData call
Returns signed data for provided input data.
An example response:
Pkcs11 No Slot With A Token Was Found The First
verifySignedData call
This call can be used to verify if the signed data is correct. The request is similar to signData, but we also pass in the signed hash:
An example response:
Pkcs11 No Slot With A Token Was Found Dead
Error Handling
Error Object
The functions specified are asynchronous and always need a callback function.
The callback function will reply with a data object in case of success, or with an error object in case of an error. An example callback:
The error object returned:
For the error codes and description, see Status codes.
Hi,
I'm trying to use an aladdin token to protect some sensitive information.
Unfortunately I'm getting the following error message
vlad@brutal ~ $ ecryptfs-manager
eCryptfs key management menu
-------------------------------
1. Add passphrase key to keyring
2. Add public key to keyring
3. Generate new public/private keypair
4. Exit
Pkcs11-tool No Slot With A Token Was Found
Make selection: 2
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
Select key type to use for newly created files:
1) tspi
2) passphrase
3) openssl
4) pkcs11-helper
Selection: 4
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
PKCS#11 Serialized ID:
Passphrase (empty for interactive):
Optional X.509 Certificate PEM file:
Error processing key generation decision graph; rc = [-5]
I can see the card from pkcs11-tool
Pkcs11 No Slot With A Token Was Found Guilty
vlad@brutal ~ $ pkcs11-tool -L
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
[opensc-pkcs11] reader-pcsc.c:896:pcsc_detect_readers: SCardListReaders
failed: 0x8010002e
[opensc-pkcs11] reader-pcsc.c:1015:pcsc_detect_readers: returning with:
No readers found
Available slots:
Slot 0 Aladdin eToken PRO
token label: OpenSC Card (vlad)
token manuf: OpenSC Project
token model: PKCS#15
token flags: login required, PIN initialized, token initialized
serial num : 262119072909
any idea? same token is working for ssh login
here is my versions
3.1.6-gentoo #1 SMP Tue Jan 17 10:22:02 CET 2012 i686 Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz GenuineIntel GNU/Linux
dev-libs/opensc 0.11.13-r2
sys-fs/ecryptfs-utils 95
dev-libs/pkcs11-helper 1.09
Thank you
L: