[gnutls-help] GnuTLS always 'scans' all usb tokens

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Mar 10 08:55:28 CET 2017

On Fri, Mar 10, 2017 at 6:44 AM, Mandar Joshi <emailmandar at gmail.com> wrote:
> Hello,
> I have few ePass2003 Auto Tokens that I use for storing my encryption keys.
> They work well except for the fact that when any application making
> use of gnutls pkcs11 functions starts, all the connected tokens get
> 'scanned' even when a specific uri that exists on the system is
> specified to a function like gnutls_pkcs11_obj_list_import_url4 (...)
> I can see the light green led flash on the connected tokens for few
> seconds. This doesn't happen in parallel, the 'scanning' happens one
> by one thus causing a huge delay.

Most likely the URI that you provide is generic enough to cover all
the tokens, and thus they are all scanned for the object. You will
have to specify a URI which can be used to identify a unique token.
For example a uri 'pkcs11:id=01' is not unique, any token in the
system may match. You'll have at least to specify the token serial and
name (my guess is that your tokens have all the same name, but
different serial?). Use p11tool --list-tokens to figure out their
unique parts.


More information about the Gnutls-help mailing list