FAQ - chromiumos/third_party/opencryptoki - Git at Google



  openCryptoki FAQ - Kent Yoder <yoder1@us.ibm.com>
 -----------------------------------------------------------------------------

  1. Q. All openCryptoki applications are returning CKR_TOKEN_NOT_PRESENT,
     even though the token is there, and its STDLL is in the right place.
     What's the problem?

     A1. The user who's executing the application is probably not a member
     of the pkcs11 group.

     A2. Check that the device driver for your hardware token is loaded.
     (`lsmod` in Linux).

     A3. If you're doing development, this error will also be returned of your
     token's STDLL has unresolved symbols in it.  Enable debugging and
     check the debug log to find out what symbols are undefined.

  2. Q. When C_Initialize() gets called by my app, openCryptoki returns
     CKR_HOST_MEMORY, even though I've got lots of free memory.  What's
     the problem?

     A1. CKR_HOST_MEMORY is returned also if openCryptoki cannot attach
     to shared memory.  This can happen if:

 	a1. The user who's executing the application is not a member of
 	the pkcs11 group.

 	a2. pkcsslotd is not running.

  3. Q. pkcsconf is returning:

     Error getting token info: 0x2
 	This is CKR_HOST_MEMORY, see question 2.

     Error getting token info: 0x3
 	The slot ID you're providing is invalid.

  4. Q. How can I get the complete debug logs from openCryptoki?

 	A. First, for openCryptoki-2.0 forward, define the environment variable
 	   PKCS11_API_LOG_DEBUG=1 (in versions of openCryptoki before 2.0,
 	   define AIX_PKCS11_API_LOG_DEBUG=1). Also, apparently by default
 	   syslogd does not have an entry in /etc/syslogd.conf for debug
 	   messages, so even if you have debug messages enabled in your
 	   openCryptoki compile, you'll not get them in the system log until
 	   you edit /etc/syslogd.conf and restart syslogd.  Add an entry in
 	   /etc/syslogd.conf such as:

 	# vi /etc/syslogd.conf
 	---
 	[...]

 	*.debug				/var/log/debuglog
 	---
 	# killall -HUP syslogd

 	   Now, when openCryptoki is configured with the --enable-debug
 	   option (or if you install the -debug rpms), /var/log/debuglog
 	   will receive its debugging messages.

  5. Q. My PKCS#11 app is hangs at the point where the PKCS11_API.so tries
     to log data to the system log. What can I do to fix this?

 	A. Link your application against the pthread library.

 -----------------------------------------------------------------------------
  openCryptoki FAQ


	openCryptoki FAQ - Kent Yoder <yoder1@us.ibm.com>
	-----------------------------------------------------------------------------

	1. Q. All openCryptoki applications are returning CKR_TOKEN_NOT_PRESENT,
	even though the token is there, and its STDLL is in the right place.
	What's the problem?

	A1. The user who's executing the application is probably not a member
	of the pkcs11 group.

	A2. Check that the device driver for your hardware token is loaded.
	(`lsmod` in Linux).

	A3. If you're doing development, this error will also be returned of your
	token's STDLL has unresolved symbols in it. Enable debugging and
	check the debug log to find out what symbols are undefined.

	2. Q. When C_Initialize() gets called by my app, openCryptoki returns
	CKR_HOST_MEMORY, even though I've got lots of free memory. What's
	the problem?

	A1. CKR_HOST_MEMORY is returned also if openCryptoki cannot attach
	to shared memory. This can happen if:

	a1. The user who's executing the application is not a member of
	the pkcs11 group.

	a2. pkcsslotd is not running.

	3. Q. pkcsconf is returning:

	Error getting token info: 0x2
	This is CKR_HOST_MEMORY, see question 2.

	Error getting token info: 0x3
	The slot ID you're providing is invalid.

	4. Q. How can I get the complete debug logs from openCryptoki?

	A. First, for openCryptoki-2.0 forward, define the environment variable
	PKCS11_API_LOG_DEBUG=1 (in versions of openCryptoki before 2.0,
	define AIX_PKCS11_API_LOG_DEBUG=1). Also, apparently by default
	syslogd does not have an entry in /etc/syslogd.conf for debug
	messages, so even if you have debug messages enabled in your
	openCryptoki compile, you'll not get them in the system log until
	you edit /etc/syslogd.conf and restart syslogd. Add an entry in
	/etc/syslogd.conf such as:

	# vi /etc/syslogd.conf
	---
	[...]

	*.debug /var/log/debuglog
	---
	# killall -HUP syslogd

	Now, when openCryptoki is configured with the --enable-debug
	option (or if you install the -debug rpms), /var/log/debuglog
	will receive its debugging messages.

	5. Q. My PKCS#11 app is hangs at the point where the PKCS11_API.so tries
	to log data to the system log. What can I do to fix this?

	A. Link your application against the pthread library.

	-----------------------------------------------------------------------------
	openCryptoki FAQ