unable to read eID in Fedora 35

[emversch]

downloaded eid-viewer and eid-mw from dnf after adding repository. Cannot log in in Firefox, eid-viewer also fails detailed log of eid-viewer after insterting eID in reader:

D: Handling state transition for event TOKEN_INSERTED D: Leaving state READY D: Leaving state NO_TOKEN D: C_OpenSession(slot, 0x00000004UL, 0, 0, &session) returned 0xe1 D: Entering state TOKEN (target) D: Entering state TOKEN_ID (child) D: C_FindObjectsInit(session, &attr, 1) returned 0xb3 D: Handling state transition for event STATE_ERROR D: Leaving state TOKEN_ID D: C_FindObjectsFinal(session) returned 0xb3 D: Entering state TOKEN_ERROR (target) D: State transition for STATE_ERROR complete D: State transition detected, aborting handling of TOKEN_INSERTED

[yoe]

D: C_FindObjectsInit(session, &attr, 1) returned 0xb3

0xb3 is CKR_SESSION_HANDLE_INVALID. This would point towards something interrupting the communication with the card. Possibilities for that are:

• A hardware issue, which causes contact with the card or the reader to be lost
• Some other process kills pcscd outside of the viewer or the middleware
• Something interferes with the communication between your application and pcscd, or between pcscd and the card reader.

I'm not sure what exactly that would be, but it must be something along those lines.

[yoe]

Correction. The session is invalidated because of an earlier error, which I had missed (sorry about that):

D: C_OpenSession(slot, 0x00000004UL, 0, 0, &session) returned 0xe1

0xe1 is CKR_TOKEN_NOT_RECOGNIZED. This would point towards issues with the card, instead.

Please contact the BOSA service desk for further assistance, through https://eid.belgium.be/en/contact (or the French/Dutch variant of that option, if required).

[emversch]

I do not think this is a problem related to my card, as I can read out my eID in Windows without problems (eid viewer from https://eid.belgium.be/nl, same eID cardreader used)

[yoe]

That's odd. Can you create a PKCS#11 log on the Linux system, and share that with me? To do so, you create a file called .config/beid.conf in your home directory, with the following contents:

[logging]
log_dirname=/path/to/directory
log_prefix=mwlog
log_level=debug

where /path/to/directory is obviously some path to an existing directory that your user has write access to. Then try to recreate the problem.

Email address in commit logs ;-)

[emversch]

This is interesting: if I add the conf file you mentioned it works both in the eid-viewer and in browser. However once I remove the conf file it fails again

I can send you the logs but I don't understand your comment about the email address in commit logs (looked to the commits in branch master but didn't find a relevant email address)

[yoe]

Sigh. I hate heisenbugs...

Which card reader are you using?

[yoe]

(no need to send me the logs if you can't reproduce it with the logs enabled; that doesn't help me...)

[emversch]

I am using a ACR38-CFC-RZET21 from Advanced Card Systems Ltd. (www.acs.com.hk) it looks the same as this one but it is red

[yoe]

Ah, that could explain it. This is an ACR38U; they need specific drivers.

Did you install the "pcsc-lite-acsccid" package? If not, try installing that and see if that fixes the issue for you (you may have to restart pcscd for it to be active).

[emversch]

It seems to work fine now even before installing the package (don't know what changed this time, but I disabled the config file)... to be sure I did install the package as you suggested. As I am not encountering anymore problems I guess we can mark this issue as closed.

For future reference, how do I know what additional packages to install?

[yoe]

There's really only one package that you may have to install, and that's the pcsc-lite-acsccid one. This is only the case because of the age of that particular card reader; more recent card readers work with the CCID driver and should all work out of the box.

If not, that's really a driver issue that your card reader's manufacturer should point out to you, and somewhat out of scope for general eID support.

Anyway, since the issue seems fixed, closing, indeed.