-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ykcs11.so does not recognize SO PIN #204
Comments
Correct, |
Thank you, a-dma. I now understand that SO PIN is the management key. However I'm still having a trouble because p11tool accepts SO PIN up to 31 letters. Is there any workaround? |
I haven't used p11tool much, but you're right, I've had a quick look at the source code and they define If you're fine with using |
For test purpose, I hardcoded 48 letters SO PIN an I was able to log in to the device as SO. However it turned out some facts.
We are using a 3rd party tool chain to implement secure boot system for our products. Since we don't have a time to investigate inside of 3rd party tool, and we are not professional on cryptography, we need to use a HSM token fully compatible with PKCS#11, and I concluded YubiKey and ykcs11 are not ready for PKCS#11. We will purchase another HSMs. I returned all YubiKeys yesterday and I am no longer able to help for yubico_piv_tool. However thank you for your support. |
I'm trying to write a private key to a YubiKey FIPS, and I'm getting an error.
User PIN and SO PIN are not changed from default for now.
In C_Login function, I found this code.
It sounds strange because it says SO PIN must be 48 letters.
Then I took off this 'if' block, but I get another error as below.
Does it mean the default SO PIN is not 12345678 but something else in 48 letters?
The text was updated successfully, but these errors were encountered: