I have a SafeNet 5100 eToken that I use to sign code and generate hashes. This token was recently moved to a virtualhere server to enable USBIP use of the token. This works great on windows, but not when using a containerized ubuntu environment.
I start the environment in privileged mode then enter an interactive session with docker exec -it my-container bash then I use the virtual here client to find and connect my remote security key. I can see the key connected using lsusb
root@6e344d5cdc42:/# lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux 5.15.146.1-microsoft-standard-WSL2 vhci_hcd USB/IP Virtual Host Controller
Bus 001 Device 008: ID 0529:0620 SafeNet Token JC
Bus 001 Device 001: ID 1d6b:0002 Linux 5.15.146.1-microsoft-standard-WSL2 vhci_hcd USB/IP Virtual Host Controller
As I understand it the manufacturers of the token distribute pkcs11 implementations which I have downloaded and installed from here https://www.globalsign.com/en/safenet-drivers/USB/10.8/GlobalSign-SAC-Ubuntu-2204.zip
Next I try to access my token using my python test script:
if __name__ == "__main__":
import sys
import os
print("Testing PKCS11 install ...")
print("searching for pkcs11 lib under variable PKCS11")
lib = os.environ.get("PKCS11")
print(f"Found: {lib}")
if not os.path.exists(lib):
print("L + bozo")
print("Your lib cannot be found double check your path")
sys.exit(1)
pkcs11 = PyKCS11.PyKCS11Lib()
pkcs11.load(lib)
info = pkcs11.getInfo()
print("_" * 80)
print("MANUFACTURER ID:", info.manufacturerID)
print(info)
print("_" * 80)
slots = pkcs11.getSlotList()
for slot in slots:
print(f"Found [{slot}]")
print(pkcs11.getTokenInfo(slot))
This script cannot find my USB, I have also tried opensc-tools and pykcs11-tools to access my usb. Neither has recognized a connected security token.
It’s also worth noting that this same python script is able to find and use my remotely connected token in a windows environment.
I don’t really know where to go from here. Any help would be appreciated.