open-eid / chrome-token-signing

DEPRECATED Chrome and Firefox extension for signing with your eID on the web
https://github.com/open-eid/chrome-token-signing/wiki
GNU Lesser General Public License v2.1

Usage with two card readers, with one being constantly opened exclusively #18

Closed martinpaljak closed 7 years ago

martinpaljak commented 7 years ago

I have a YubiKey 4 Nano always connected and used by the pgp-agent, in exclusive mode:

$ opensc-tool -lv
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Yubico Yubikey 4 U2F+CCID
     3b:f8:13:00:00:81:31:fe:15:59:75:62:69:6b:65:79:34:d4 [EXCLUSIVE]
1    Yes             Gemalto PC Twin Reader
     3b:fe:18:00:00:80:31:fe:45:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:a8 EstEID 3.0 (dev1) cold 

This results in chrome-token-signing failing in a spectacular way:

SEND 123: {"type":"CERT","lang":"en","nonce":"j9nfuxqwqbtq1xkh","src":"page.js","origin":"https://open-eid.github.io","tab":123}
background.js:174 RECV 123: {"result":"technical_error","nonce":"j9nfuxqwqbtq1xkh","ver":1}

While I understand that this might be a problem with the underlying PKCS#11 implementation, it is neither nice nor acceptable to fail this way.


$ pkcs11-tool -L
Available slots:
Slot 0 (0x0): (GetSlotInfo failed, CKR_DEVICE_ERROR)
Slot 1 (0x4): Gemalto PC Twin Reader
  token label        : PIN1 (PALJAK,MARTIN,38207162722)
  token manufacturer : AS Sertifitseerimiskeskus
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : AA0448165
Slot 2 (0x5): Gemalto PC Twin Reader
  token label        : PIN2 (PALJAK,MARTIN,38207162722)
  token manufacturer : AS Sertifitseerimiskeskus
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : AA0448165

martinpaljak commented 7 years ago

Here is a sample log (with some noise removed): test.log.txt

Telgat commented 7 years ago

Should be fixed with https://github.com/open-eid/chrome-token-signing/commit/9d299b0d7cf839524aaae900f3989ff256890053
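
The failure mode reported in this thread (one slot answering CKR_DEVICE_ERROR while the other reader works) can be contained by querying each slot independently. The sketch below is an added example, not code from this thread, the project, or the linked commit; the `CK_*` definitions are simplified stand-ins for pkcs11.h, and `Module`, `enumerateTokens`, `reportedLayout` and the token labels are hypothetical and constructed for illustration.

```cpp
#include <cstdio>
#include <functional>
#include <string>
#include <vector>
// Simplified stand-ins for PKCS#11 types; a real host would include pkcs11.h.
using CK_RV = unsigned long;
using CK_SLOT_ID = unsigned long;
constexpr CK_RV CKR_OK = 0x00, CKR_DEVICE_ERROR = 0x30;

// Hypothetical thin wrappers around C_GetSlotInfo and C_GetTokenInfo.
struct Module {
    std::function<CK_RV(CK_SLOT_ID)> getSlotInfo;
    std::function<CK_RV(CK_SLOT_ID, std::string &label)> getTokenInfo;
};
struct Token { CK_SLOT_ID slot; std::string label; };
struct Skipped { CK_SLOT_ID slot; const char *call; CK_RV rv; };
struct Enumeration { std::vector<Token> usable; std::vector<Skipped> skipped; };

// Query each slot on its own. A failing slot (for example a reader another
// process holds in exclusive mode) is recorded and skipped, not fatal.
Enumeration enumerateTokens(const Module &m, const std::vector<CK_SLOT_ID> &slots) {
    Enumeration out;
    for (CK_SLOT_ID id : slots) {
        std::string label;
        CK_RV rv = m.getSlotInfo(id);
        if (rv != CKR_OK) { out.skipped.push_back({id, "C_GetSlotInfo", rv}); continue; }
        rv = m.getTokenInfo(id, label);
        if (rv != CKR_OK) { out.skipped.push_back({id, "C_GetTokenInfo", rv}); continue; }
        out.usable.push_back({id, label});
    }
    return out;
}

// Constructed module mirroring the report: slot 0x0 is the exclusively opened
// reader; 0x4 and 0x5 are the PIN1 and PIN2 tokens of the other reader's card.
Module reportedLayout() {
    return {
        [](CK_SLOT_ID id) { return id == 0x0 ? CKR_DEVICE_ERROR : CKR_OK; },
        [](CK_SLOT_ID id, std::string &label) {
            label = (id == 0x4) ? "PIN1 (constructed)" : "PIN2 (constructed)";
            return CKR_OK;
        }};
}

int main() {
    Enumeration e = enumerateTokens(reportedLayout(), {0x0, 0x4, 0x5});
    for (const Skipped &s : e.skipped)
        std::printf("skipped slot 0x%lx: %s rv=0x%lx\n", s.slot, s.call, s.rv);
    std::printf("%zu usable token(s)\n", e.usable.size());
    return e.usable.empty() ? 1 : 0;  // fail only when no slot is usable
}
```

Keeping the skipped list, with the failing call and return value, gives the host something specific to log for the unusable reader while the working one stays available.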