See inline.

On Thu, Aug 20, 2009 at 5:09 PM, Darren J Moffat <Darren.Moffat at sun.com> wrote:

> Rishi Renjith wrote:
>
>> Yes, the RSA private keys as well as the certificates are stored in the
>> keystore in the card. See below.
>>
>> /*bash-3.00# certutil -K -d .*
>> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
>> Enter Password or Pin for "NSS Certificate DB":
>> certutil: no keys found
>> *bash-3.00# certutil -K -d . -h "Sun Software PKCS#11 softtoken"*
>> certutil: Checking token "Sun Software PKCS#11 softtoken" in slot "Sun Crypto Softtoken"
>> Enter Password or Pin for "Sun Software PKCS#11 softtoken":
>> certutil: no keys found
>> *bash-3.00# certutil -K -d . -h "Sun Metaslot"*
>> certutil: Checking token "Sun Metaslot" in slot "Sun Metaslot"
>> Enter Password or Pin for "Sun Metaslot":
>> < 0> rsa //204a23dbb2e82d7d8c1495e3374dcd//4462423e4c Sun Metaslot:cert309
>> < 1> rsa //54ea6d93df1cfef13064aedc6f6c7f//0dce34e7b6 Sun Metaslot:cert147
>> < 2> rsa //34d4a4974cf325e735dd23bb3a6b46//80249f3550 (orphan)
>> < 3> rsa //2018eecb4c05eb25cd30be4de6f13c//caeadcb43d Sun Metaslot:cert1151
>> < 4> rsa //61932a2d796fd8f6e82949059176e9//80cde5c55a sanCert
>> < 5> rsa //4e752a9b4a76c1462d9aec76de1617//e08d07ff42 Sun Metaslot:ismc_cert /
>
> what is the output of:
>
> $ cryptoadm list metaslot
>
> Does it look exactly like this:
>
> System-wide Meta Slot Configuration:
> ------------------------------------
> Status: enabled
> Sensitive Token Object Automatic Migrate: enabled
> Persistent object store slot: Sun Crypto Softtoken
> Persistent object store token: Sun Software PKCS#11 softtoken
>
> It shouldn't because I see from an earlier email that you did run
> "cryptoadm enable metaslot token=ks". Was that run before the application
> was started?

bash-3.00# cryptoadm list metaslot
System-wide Meta Slot Configuration:
------------------------------------
Status: enabled
Sensitive Token Object Automatic Migrate: disabled
Persistent object store token: ks

Yes this was executed before we started the application.

> Please also show the output of:
>
> $ pktool list
>
> $ pktool list token=ks objtype=both

bash-3.00# pktool list
bash-3.00# pktool list token=ks objtype=both
Enter pin for ks:
Found 1 keys.
Key #1 - RSA private key:
Found 1 certificates.
1. (X.509 certificate)
    Label: cert309
    ID: b5:b5:ba:b0:d3:cc:8d:ac:99:45:32:8c:70:26:f3:06:a6:dd:64:64
    Subject: C=US, ST=California, L=Santa Clara, O=Sun, OU=Org, CN=nobody
    Issuer: C=US, ST=California, L=Santa Clara, O=Sun, OU=Org, CN=nobody
    Serial: 0x8E3207E2

> That assumes your Token name is 'ks'.
>
> $ cryptoadm list -p

bash-3.00# cryptoadm list -p

User-level providers:
=====================
/usr/lib/security/$ISA/pkcs11_kernel.so: all mechanisms are enabled. random is enabled.
/usr/lib/security/$ISA/pkcs11_softtoken_extra.so: all mechanisms are enabled. random is enabled.

Kernel software providers:
==========================
cryptoadm: failed to retrieve the mechanism list for des.
cryptoadm: failed to retrieve the mechanism list for aes256.
arcfour2048: all mechanisms are enabled.
blowfish448: all mechanisms are enabled.
sha1: all mechanisms are enabled, except CKM_SHA_1,CKM_SHA_1_HMAC,CKM_SHA_1_HMAC_GENERAL.
cryptoadm: failed to retrieve the mechanism list for sha2.
md5: all mechanisms are enabled, except CKM_MD5,CKM_MD5_HMAC,CKM_MD5_HMAC_GENERAL.
swrand: random is enabled.

Kernel hardware providers:
==========================
mca/0: all mechanisms are enabled. random is enabled.
bash-3.00#

> --
> Darren J Moffat