I have a virtualhere server running on a NAS. I need to use this server to access a Safenet 5100 eToken which is connected to the NAS. This works great when I am connected to windows. I am able to find the token through the client then use it to sign my files. The problem is that I am setting up a docker container to automate processes and I simply cannot get my token to work correctly on this container.
The container is Debian-based. I start by downloading the client with wget:wget "https://www.virtualhere.com/sites/default/files/usbclient/vhuit64"
Then I start the deamon, with./vhclientx86_64 -na or ./vhclientx86_64 -n I have tried both
After configuring the hub connection I am able to find my token using./vhclientx86_64 -t list then attach it with ./vhclientx86_64 -t use,token.
I can confirm that the token is connected using lsusb, but I can't use it with any utilities. It is not recognized as a reader by pykcs11-tool --list-readers nor by opensc-tool --list-readers. I have downloaded the safenet driver with wget https://www.globalsign.com/en/safenet-drivers/USB/10.8/GlobalSign-SAC-Ubuntu-2004.zip and I have pointed the pkcs11 tools to the appropriate .so file I just don't know whats wrong.
The only hint I have found at the underlying issue is this warning in dmesg[27473.956301] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)[27473.956306] vhci_hcd vhci_hcd.0: devid(4) speed(2) speed_str(full-speed)[27473.956356] vhci_hcd vhci_hcd.0: Device attached[27474.235149] vhci_hcd: vhci_device speed not set <-- warning [27474.305183] usb 1-1: new full-speed USB device number 7 using vhci_hcd[27474.385308] vhci_hcd: vhci_device speed not set <-- warning[27474.455163] usb 1-1: SetAddress Request (7) to port 0[27474.525671] usb 1-1: New USB device found, idVendor=0529, idProduct=0620, bcdDevice= 0.01[27474.525677] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0[27474.525678] usb 1-1: Product: Token JC[27474.525680] usb 1-1: Manufacturer: SafeNet
I know this may not even be an issue with your software but I'm hoping you may have some insight. Any help would be appreciated.
output of lsusb then opensc-tool --list-readersroot@6e344d5cdc42:/# lsusbBus 002 Device 001: ID 1d6b:0003 Linux 5.15.146.1-microsoft-standard-WSL2 vhci_hcd USB/IP Virtual Host ControllerBus 001 Device 008: ID 0529:0620 SafeNet Token JCBus 001 Device 001: ID 1d6b:0002 Linux 5.15.146.1-microsoft-standard-WSL2 vhci_hcd USB/IP Virtual Host Controllerroot@6e344d5cdc42:/# opensc-tool --list-readersNo smart card readers found.root@6e344d5cdc42:/#
.
Interesting, i use the same token and i ran a quick test in WSL and it works fine (see below). So it seems like its a docker container issue rather than a linux or virtualhere. Im not too familiar with docker so im not sure what change to make ther.e
Note: You dont need to run
vhuit64because thats for a GUI client. You just need to runsudo ./vhclientx86_64 -nthen ./vhclientx86_64 -t "LIST"then./vhclientx86_64 -t "USE,<address>"Here is my run in my windows WSL session:
michael@NEWXPS17:/mnt/c/Users/mail$ sudo ./vhclientx86_64 -nmichael@NEWXPS17:/mnt/c/Users/mail$ ./vhclientx86_64 -t add "192.168.1.148"michael@NEWXPS17:/mnt/c/Users/mail$ ./vhclientx86_64 -t listVirtualHere Client IPC, below are the available devices:(Value in brackets = address, * = Auto-Use)ASUSTOR Hub (ASUSTOR:7575)--> Token JC (ASUSTOR.71)Auto-Find currently onAuto-Use All currently offReverse Lookup currently offReverse SSL Lookup currently offVirtualHere Client is running as a servicemichael@NEWXPS17:/mnt/c/Users/mail$ ./vhclientx86_64 -t "USE,ASUSTOR.71"OKmichael@NEWXPS17:/mnt/c/Users/mail$ lsusbBus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hubBus 001 Device 002: ID 0529:0620 Aladdin Knowledge Systems Token JCBus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hubmichael@NEWXPS17:/mnt/c/Users/mail$ opensc-tool -l# Detected readers (pcsc)Nr. Card Features Name0 Yes SafeNet eToken 5100 [eToken 5110 SC] 00 00What pkcs11 implementation?
Can I ask what pkcs11 implementation you are using? Are you using the default openssl implementation or do you have a Safenet implementation linked?
.
Just the default installed with Windows Subsystem For linux (Ubuntu) nothing else, no safenet driver