Carl Youngblood wrote:
> To Tommaso and any others who may know the answer:
> I just built sign-mcard-0.2.0. In the README, I noticed the following text:
> "Please, note that you can only use with sign-mcard
> keypairs and certificates generated with this PKCS#11 module,
> but you cannot use with the same module a keypair/certificate
> loaded with the loadkey-mcard utility."

Hi,
maybe that text seems somewhat cryptic... and actually it is not
clear at all, sorry ... the incompatibility is due to the fact that
my loadkey-mcard utility only imports a private key and stores a
public key certificate on the device, while the PKCS#11 module from
MuscleCard also needs two further objects containing key and certificate
P#11 attributes, for each imported key/cert. So, a key imported with
loadkey-mcard will **not** work with the P#11 module from MuscleCard
(but it will work with my P#11 from SmartSign).
Conversely, a key imported with the P#11 module from MuscleCard works
fine with Sign-MCard, provided that the right parameters are fed into
the command line options.

> What I'm really trying to figure out is what is the easiest (not
> necessarily best but easiest) way to generate a keypair and
> certificate and get them both on a musclecard-based token. Any

I saw you already figured it out by yourself: just use Mozilla!!
The loadkey-mcard comes along with Sign-MCard just to provide an easy
means for loading a <key,cert> pair on the device and start playing with
sign-mcard, without any need to install PKCS#11 and Mozilla or Netscape.

> the community. I'm already putting one together for the whole process
> I've gone through to build all the different layers and get my
> smartcard solution working. It's been quite a laborious process. I
> appreciate all the help I've received so far.

I guess a place where you could post your hints is the SmartCard HOWTO
that can be found here [1], for example, but I don't know if anybody
is maintaining / is going to update its contents.
Also, I would be more than happy to integrate your hints into the
Smart Sign FAQ section [2].
Last, but not least, if you're going to experiment with digital signatures
through the P#11 interface, please consider using QSign, from SmartSign,
which is a completely P#11-oriented, Qt-based, signing / verifying
tool.
I hope this helps,
bye,
T.

[1] http://howtos.linuxbroker.com/howtoreader.php?file=Smart-Card-HOWTO.html
[2] http://smartsign.sourceforge.net/faq.html

> Thanks,
> Carl Youngblood
--
,------------------------------------------------.
| Tommaso Cucinotta <t.cucinotta *at* sssup.it> |
>------------------------------------------------<
! Scuola Superiore di Studi Universitari !
! e Perfezionamento S.Anna !
! Pisa Italy !
`------------------------------------------------'