Cannot get USB smartcard (Nitrokey) working in LEAP15

English Applications
1

No matter what I do, I can’t get a Nitrokey working in LEAP15 !

The system sees it:

[13063.123310] usb 1-13: Product: Nitrokey HSM
[13063.123313] usb 1-13: Manufacturer: Nitrokey

But I can’t !

$ opensc-tool --list-readers
-bash: opensc-tool: command not found

The steps I have taken (the Nitro HSM requires OpenSC 0.19):

zypper ar http://download.opensuse.org/repositories/security:/chipcard/openSUSE_Leap_15.0/security:chipcard.repo
zypper lr -P
zypper mr -p 10 <repo_number>
zypper ref
zypper in opensc
zypper in pcsc-ccid pcsc-lite opensc
systemctl start pcscd

The issue persists even if I do a USBDEVFS_RESET

2

I am not knowledgeable in figuring out the mounting of USB cards that may not be recognized. So I hope someone else chimes in on that specific.

But there are a couple things in your post that has me curious that may be relevant to your problem.

1st, you reported:


$ opensc-tool --list-readers
-bash: opensc-tool: command not found

Typically that will only happen if you do not have opensc-tool installed or if opensc-tool is not included in the version of opensc in which you have installed. Do you have opensc installed? It is not installed by default in LEAP-15.0.

2nd, further what version of opensc do you have installed?

I note openSUSE-LEAP-15.0 has opensc-0.18.0-lp150.2.9.1.x86_64 and not opensc 0.19 where you note you have installed an updated opensc from the repository

http://download.opensuse.org/repositories/security:/chipcard/openSUSE_Leap_15.0/

That repository has “opensc-0.19.0-lp150.67.1.x86_64.rpm” and when I look inside of it, the executeable “opensc-tool” is included.

Yet you get the output “opensc-tool: command not found”. That does not make sense to me.

That suggest to me either there is a permission issue with that command (which there should not be as it should run as a regular user) or there was a bad install of “opensc-0.19.0-lp150.67.1.x86_64.rpm”.

Possibly you could check that to ensure ok? Out of curiousity, what does this command yield?


rpm -q opensc

and further what does this command yield:


rpm -ql opensc | grep opensc-tool

Does it prove opensc-tool is installed? If installed, and you obtain that error, perhaps a re-install of that app should be forced < speculation on my part >

If installed and all ok there, then I hope someone else in our forum chimes in.

3

@oldcpu

No. I don’t know where that came from ! What I should have posted was:

$opensc-tool --list-readers
No smart card readers found.
$pkcs15-tool -D
No smart card readers found.
4

Post:

lsusb
5 
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 1604:10c0 Tascam 
Bus 001 Device 003: ID 1604:10c0 Tascam 
Bus 001 Device 002: ID 1604:10c0 Tascam 
Bus 001 Device 010: ID 20a0:4230 Clay Logic 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
6

post:

zypper se -si pcsc

https://support.nitrokey.com/t/hsm-not-detected-fedora-22/127/3

7 
> sudo zypper se -si pcsc
Loading repository data...
Reading installed packages...

S | Name         | Type    | Version            | Arch   | Repository                                        
--+--------------+---------+--------------------+--------+---------------------------------------------------
i | libpcsclite1 | package | 1.8.25-lp150.161.1 | x86_64 | Software to support chipcards (openSUSE_Leap_15.0)
i | pcsc-lite    | package | 1.8.25-lp150.161.1 | x86_64 | Software to support chipcards (openSUSE_Leap_15.0)
8 
 sudo zypper se -si pcsc
Loading repository data...
Reading installed packages...

S  | Name         | Type    | Version            | Arch   | Repository                                        
---+--------------+---------+--------------------+--------+---------------------------------------------------
i  | libpcsclite1 | package | 1.8.25-lp150.161.1 | x86_64 | Software to support chipcards (openSUSE_Leap_15.0)
i+ | pcsc-ccid    | package | 1.4.30-lp150.87.1  | x86_64 | Software to support chipcards (openSUSE_Leap_15.0)
i  | pcsc-lite    | package | 1.8.25-lp150.161.1 | x86_64 | Software to support chipcards (openSUSE_Leap_15.0)
9

As written in the nitrokey forum, it should work:

opensc-tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    No    PIN pad   REINER SCT cyberJack RFID standard (5801785180) 00 00
10

Well, yes it “should” work. But as per my post #3 it does not work. :frowning:

11

Opern a terminal, as root:

journalctl -f

Now put your cardreader to an USB-Port and post all new line from the terminal here.

Otherwise ask the manufacturer.

12

The physical machine is a long distance from where I am, so I have run a C program that calls *USBDEVFS_RESET *which does the same thing.

The output is as follows:

Apr 12 11:58:40 X sudo[3777]:       foo : TTY=pts/0 ; PWD=/home/foo ; USER=root ; COMMAND=./usbreset /dev/bus/usb/001/006                                                          
Apr 12 11:58:40 X sudo[3777]: pam_unix(sudo:session): session opened for user root by foo(uid=0)                                                                                  
Apr 12 11:58:40 X kernel: usb 1-13: reset full-speed USB device number 6 using xhci_hcd                                                                                          
Apr 12 11:58:40 X sudo[3777]: pam_unix(sudo:session): session closed for user root                                                                                               
Apr 12 11:58:41 X kernel: usb 1-13: usbfs: process 3756 (pcscd) did not claim interface 0 before use

Running “opensc-tool --list-readers” yields:

Apr 12 11:59:26 X pcscd[3753]: 99999999 auth.c:137:IsClientAuthorized() Process 3782 (user: 1000) is NOT authorized for action: access_pcsc                                      
Apr 12 11:59:26 X pcscd[3753]: 00000181 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client

Regarding your final comment “Otherwise ask the manufacturer”. Frankly its easier for me just to scrap openSUSE and install an Operating System that works. I have many of these cards and openSUSE is the only OS that doesn’t work, all other flavours of BSD and Linux I use have absolutely no problems, so I am fast asking myself why I am wasting so much time fighting to get it working on openSUSE when I would already have it working in 30 seconds on other systems.

13

Which specific GNU/Linux versions do you refer to? You noted Nitro HSM requires OpenSC 0.19 … my research suggests not ALL GNU/Linux have such a new version of OpenSC - so I sense a high degree of frustration in your post - and I’m sorry to read of that frustration.

I hope a solution that is beneficial without much more pain can be found.

Note you are not using an official ‘packaged version’ of openSUSE (OpenSC), but rather a 3rd party package (based on the repos you noted). Your best bet may be to install the Tumbleweed packaged version of openSC and then if that does not work (nor install due to dependency issues that would otherwise break LEAP-15.0), raise a bug report on Tumbleweed packaged version and/or the LEAP-15.0 version of openSUSE.

BEFORE doing so, I highly recommend you check that the installed packages were NOT corrupted during their installation, and you also checked you don’t have any custom configuration setup on that PC may prevent this from working on openSUSE.

When writing a bug report, I recommend you politely point to the specific GNU/Linux OS that has this running with OpenSC 0.19, such that the openSUSE packagers know where to check for any build parameters wrt the rpm.

There is guidance for bug reports here: openSUSE:Submitting bug reports - openSUSE Wiki

You can use your openSUSE forum username and password when logging on to bugzilla. And then check the bug report every day or so for a response, as likely you may be asked to run some tests as they try to fix any broken build (IF that is the case).

That is how I would approach this.
.

14

Also some posts at the pcsc git project:
https://github.com/LudovicRousseau/PCSC/issues/26