Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in pkcs11_init:1439: PKCS #11 error #205

Closed
pavithran93 opened this issue Jan 23, 2021 · 3 comments
Closed

Error in pkcs11_init:1439: PKCS #11 error #205

pavithran93 opened this issue Jan 23, 2021 · 3 comments
Labels
question

Comments

@pavithran93
Copy link

pavithran93 commented Jan 23, 2021
edited
Loading

I followed the steps in
https://github.com/MicrochipTech/cryptoauthlib/wiki/PKCS11-Linux-Setup.

When I run p11tool --list-all I am receiving below response
Capture

When I run p11tool --list-all --provider /usr/lib/libcryptoauth.so I getting this response
Capture

What's the difference between these two commands. Why my outcome is different?

Next I am trying to initialize the chip using the command p11tool --initialize "pkcs11:serial=10A592C2E036" --label appzgate. I am getting the error
Error in pkcs11_init:1439: PKCS #11 error.
Capture

As per the tutorial I am following it supposed to initialize the chip. But I am getting the error.

My requirement is I have SD card having Raspberry Pi OS. I have encrypted the root patriation of my SD card using LUKS encryption, to decrypt back I have generated the key file on USB stick and added the key file to LUKS patriation, when the raspberry pi rebooted the system will read the key from associated USB stick using that key file the SD card will be unlocked and boot up. Due to the USB stick is not secure to store the key file, I trying to store the key file on ATECC608A and read the key file from ATECC608A on boot

Please assist me to resolve this to proceed further
@bryan-hunt
Copy link
Contributor

So the issue I'm seeing from the above are as follows

  1. use the latest release that has been published - in your case to minimize changes use tag 20210121 which is the most recent python version - this will help if you need to run python scripts to verify anything

  2. You are seeing the two tokens because your p11-kit set up is allowing for it. You can modify your p11-kit configuration from merge to only which instead of merging the module configuration from root with the module configuration in your user directory it will instead only use the user configuration.

  3. You are seeing a private and public key from the device - this is an indication that the device is configured and locked already. Trying to initialize an already initialized device will fail.

@pavithran93
Copy link
Author

pavithran93 commented Jan 27, 2021
edited
Loading

Hi bryan,
Thanks for your reply
After I restart the device. I can initialize the token
Capture

          Once I initialize the totally showing three objects.

@pavithran93
Copy link
Author

Thank you.
Issue got solved

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bryan-hunt @pavithran93