Pkcs11-tool No Slot With A Token Was Found

Posted on 4/11/202222.08.2017by admin

Directly using pkcs11-tool. Creation of new RSA key pair is quite easy using pkcs11-tool. You need only one command to do so. But again, first, you need to find out in which slot is your card and specify library for a provider in module option (example with opencryptoki software token).
C:Program Files (x86)OpenSC ProjectOpenSCtoolspkcs11-tool.exe -module eps2003csp11.dll -M No slot with a token was found. Share improve this answer edited Jul 30 '14 at 6:28.

Pkcs11-tool No Slot With A Token Was Found 2017
Pkcs11-tool No Slot With A Token Was Found Within

Slot 2 -so-pin 12345678 I also researched and found that in pkcs15-init, a function to ask for PIN is implemented and added via scpkcs15initsetcallbacks, but pkcs11-tool does not do so. The question is: - 'Not ask for PIN' is intentional design of pkcs11-tool or a limitation? - What is the right way to provide Admin PIN to pkcs11-tool.

2012-05-30 09:21:03 UTC

Hello all,
As you may know, I'm trying to implement writing certificate to OpenPGP
card via PKCS#11.
I succeed with pkcs15-init tool but have difficulty with pkcs11-tool.
When I import via pkcs15-init tool (Command: pkcs15-init
--store-certificate ***@mbm.vn.pem), the tool asks for Admin PIN
and the work is done. But when I try with pkcs11-tool:
pkcs11-tool --module=/usr/lib/opensc-pkcs11.so -w quannguyen.crt -y cert
--slot 2
the tool does not ask for PIN and the write cannot succeed (in OpenPGP
card, writing certificate requires SO (Admin) PIN).
I tried to provide the Admin PIN in the command, but still not successful:
pkcs11-tool --module=/usr/lib/opensc-pkcs11.so -w quannguyen.crt -y cert
--slot 2 -l --so-pin 12345678
pkcs11-tool --module=/usr/lib/opensc-pkcs11.so -w quannguyen.crt -y cert
--slot 2 --so-pin 12345678
I also researched and found that in pkcs15-init, a function to ask for
PIN is implemented and added via sc_pkcs15init_set_callbacks(), but
pkcs11-tool does not do so.
The question is:
- 'Not ask for PIN' is intentional design of pkcs11-tool or a limitation?
- What is the right way to provide Admin PIN to pkcs11-tool to allow to
write data?
- When I do import certificate in Firefox, the browser ask for a PIN. I
expect it to ask for Admin PIN but not sure which PIN it actually asks
for (user PIN, to login to slot, or admin PIN, to write data). Do you
know how Firefox determines which PIN to ask? Does it always ask for
user PIN of the slot, or smart enough to ask for right PIN?

--
Regards,
Quân

pkcs11-tool: utility for managing and using PKCS #11 security tokens

Command to display pkcs11-tool manual in Linux: $ man 1 pkcs11-tool

NAME

pkcs11-tool - utility for managing and using PKCS #11 security tokens

SYNOPSIS

pkcs11-tool[OPTIONS]

DESCRIPTION

Thepkcs11-toolutility is used to manage the data objects on smart cards and similar PKCS #11 security tokens. Users can list and read PINs, keys and certificates stored on the token. User PIN authentication is performed for those operations that require it.

OPTIONS

--login, -l

Use the givenpinas the Security Officer PIN for some token operations (token initialization, user PIN initialization, etc). The same warning as--pinalso applies here.

--init-token

Initializes the user PIN. This option differs from --change-pin in that it sets the user PIN for the first time. Once set, the user PIN can be changed using--change-pin.

--change-pin, -c

Performs some tests on the token. This option is most useful when used with either--loginor--pin.

--show-info, -I

Displays a list of available slots on the token.

--list-mechanisms, -M

Displays a list of objects.

--sign, s

Hash some data.

--mechanismmechanism, -mmechanism

Generate a new key pair (public and private pair.)

--write-objectid, -wid

Specify the type of object to operate on. Examples arecert,privkeyandpubkey.