In order to build OpenSC with custom flags and not interfere with my current installation, I’ve prepared a Docker image with scsh3 installed that can access the Nitrokey HSM and use OpenSSL with the keys. When I’m in the container, however, scripts in the smart card shell FAIL. SCSH3 scripts only work on my desktop (non-container) using the GUI.
Are there more requirements for the smartcard shell scripts to work properly?
The Dockerfile:
FROM ubuntu

RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get -y install pcscd libccid libpcsclite-dev \
        libssl-dev libreadline-dev autoconf automake build-essential \
        docbook-xsl xsltproc libtool pkg-config wget usbutils gnutls-bin unzip \
        openjdk-8-jdk ant ca-certificates-java && \
    update-ca-certificates -f;

# Setup JAVA_HOME -- useful for docker commandline
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
RUN export JAVA_HOME

# install and build OpenSC - https://github.com/OpenSC/OpenSC
RUN wget -q https://github.com/OpenSC/OpenSC/releases/download/0.20.0/opensc-0.20.0.tar.gz && \
    tar xfvz opensc-0.20.0.tar.gz && \
    cd opensc-0.20.0 && \
    ./bootstrap && \
    ./configure CPPFLAGS=-DPRINT_DKEK_SHARE --prefix=/usr --sysconfdir=/etc/opensc && \
    make && \
    make install

# install and build libp11 - https://github.com/OpenSC/libp11
RUN wget -q https://github.com/OpenSC/libp11/releases/download/libp11-0.4.10/libp11-0.4.10.tar.gz && \
    tar xfvz libp11-0.4.10.tar.gz && \
    cd libp11-0.4.10 && \
    ./configure --with-pkcs11-module=/usr/lib/opensc-pkcs11.so && \
    make && \
    make install

RUN wget -q https://www.openscdp.org/download/scsh3/scsh3.16.426-noinstall.zip && \
    unzip scsh3.16.426-noinstall.zip && \
    chmod +x /scsh3.16.426/scsh3

WORKDIR /scsh3.16.426
Running ./scsh3 and trying load('decrypt_keyblob.js') from within the docker container OR from the desktop results in this error:
org.mozilla.javascript.EcmaError: ReferenceError: "print" is not defined. (/home/jared/dev/smartcards/smartcard-hsm/scsh3.15.388/scsh/sc-hsm/DKEK.js#474)
at /home/jared/dev/smartcards/smartcard-hsm/scsh3.15.388/scsh/sc-hsm/DKEK.js#474
at /home/jared/dev/smartcards/smartcard-hsm/scsh3.15.388/decrypt_keyblob.js#55
The only way I can successfully use SCSH3 scripts is from the GUI on desktop using ./scsh3gui. Then there are no errors. Is there a way to use the scsh3 tool in a headless environment? Does de.cardcontact.scdp.engine.CommandProcessor not allow print(), and if not, is there a workaround?