Yubikey + OpenSC failing on authentication
Posted: Thu Aug 16, 2018 7:17 am
Hi,
I am trying to understand why my setup fails, and have been trying to figure this out completely in vain. I have Viscosity on Win10. Username/password connection establishment works correctly and the VPN is being set up.
We also have a YubiKey-based VPN connection, which works correctly on OS X with the same YubiKey, but refuses to connect on W10. I can see in the OpenSC debug logs that the certificate is being looked up correctly if I add the opensc-pkcs11.dll driver and use the detect certificate functionality.
But when I start setting up the connection, although it asks for the PIN, it seems to have no effect on the actual YubiKey itself and also ... nothing turns up in the OpenSC logs.
It's probably a long shot, but perhaps someone has some ideas or thoughts on where I should look.
I'm running:
OpenSC 0.18.0 (both 32 and 64 bit are installed)
Viscosity 1.7.11 (1567)
.NET 4.7.03056.461808
After adding verb 7 to provide additional debug logging, what I'm seeing in the connection details window is:
Aug 16 00:03:20: PKCS#11: Adding PKCS#11 provider 'C:\Windows\SysWOW64\opensc-pkcs11.dll'
Aug 16 00:03:20: PKCS#11: Adding provider 'C:\Windows\SysWOW64\opensc-pkcs11.dll'-'C:\Windows\SysWOW64\opensc-pkcs11.dll'
Aug 16 00:03:22: PKCS#11: Provider 'C:\Windows\SysWOW64\opensc-pkcs11.dll' added rv=0-'CKR_OK'
...
Aug 16 00:03:23: PKCS#11: Creating a new session
...
Aug 16 00:03:25: PKCS#11: Performing signature
Aug 16 00:03:25: PKCS#11: Getting key attributes
Aug 16 00:03:25: PKCS#11: Get private key attributes failed: 130:'CKR_OBJECT_HANDLE_INVALID'
Aug 16 00:03:25: PKCS#11: Calling pin_prompt hook for 'redacted'
...
Aug 16 00:03:39: PKCS#11: pin_prompt hook return rv=0
Aug 16 00:03:39: PKCS#11: Key attributes loaded (0000000f)
Aug 16 00:03:39: PKCS#11: Private key operation failed rv=257-'CKR_USER_NOT_LOGGED_IN'
Aug 16 00:03:40: PKCS#11: Calling pin_prompt hook for 'redacted'
...
Aug 16 00:03:47: PKCS#11: pin_prompt hook return rv=0
Aug 16 00:03:47: PKCS#11: Cannot perform signature 257:'CKR_USER_NOT_LOGGED_IN'
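
Added example, not part of the original post: a small triage script that parses PKCS#11 log lines in the format quoted above and flags each point where the PIN prompt hook returned rv=0 but the next error was still CKR_USER_NOT_LOGGED_IN. The function names are hypothetical, and the sample input is the log from the post with the '...' elisions and provider setup lines left out.

```python
import re

# Log lines as quoted in the post above ('...' elisions and setup lines omitted).
SAMPLE_LOG = r"""
Aug 16 00:03:22: PKCS#11: Provider 'C:\Windows\SysWOW64\opensc-pkcs11.dll' added rv=0-'CKR_OK'
Aug 16 00:03:25: PKCS#11: Get private key attributes failed: 130:'CKR_OBJECT_HANDLE_INVALID'
Aug 16 00:03:25: PKCS#11: Calling pin_prompt hook for 'redacted'
Aug 16 00:03:39: PKCS#11: pin_prompt hook return rv=0
Aug 16 00:03:39: PKCS#11: Key attributes loaded (0000000f)
Aug 16 00:03:39: PKCS#11: Private key operation failed rv=257-'CKR_USER_NOT_LOGGED_IN'
Aug 16 00:03:40: PKCS#11: Calling pin_prompt hook for 'redacted'
Aug 16 00:03:47: PKCS#11: pin_prompt hook return rv=0
Aug 16 00:03:47: PKCS#11: Cannot perform signature 257:'CKR_USER_NOT_LOGGED_IN'
"""

# "<Mon> <day> <hh:mm:ss>: PKCS#11: <message>"
LINE = re.compile(r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}): PKCS#11: (?P<msg>.*)$")
# Return values appear as rv=257-'CKR_X' or as 257:'CKR_X'.
RV = re.compile(r"(?:rv=)?(?P<code>\d+)[-:]'(?P<name>CKR_[A-Z_]+)'")


def parse_pkcs11_log(log):
    """Return one dict per PKCS#11 log line: timestamp, message, CKR name (or None)."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skips blank lines and '...' elisions
        rv = RV.search(m["msg"])
        events.append({"ts": m["ts"], "msg": m["msg"],
                       "ckr": rv["name"] if rv else None})
    return events


def pin_accepted_but_not_logged_in(events):
    """Timestamps where a PIN prompt returned rv=0 and the next error was CKR_USER_NOT_LOGGED_IN."""
    hits, pin_ok = [], False
    for e in events:
        if e["msg"].startswith("pin_prompt hook return rv=0"):
            pin_ok = True
        elif e["ckr"] and e["ckr"] != "CKR_OK":
            if pin_ok and e["ckr"] == "CKR_USER_NOT_LOGGED_IN":
                hits.append(e["ts"])
            pin_ok = False  # any error ends the current prompt/operation pair
    return hits


if __name__ == "__main__":
    for ts in pin_accepted_but_not_logged_in(parse_pkcs11_log(SAMPLE_LOG)):
        print(f"{ts}: PIN prompt returned rv=0, token still reports CKR_USER_NOT_LOGGED_IN")
```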