Michael,
Try pulling the latest PKCS11 from:
muscleapps.alioth.debian.org
There is a fix in there that deals with key lengths that might be the culprit. I see:
06/01 12:39:43 +C_SignInit : start 06/01 12:39:43 Active session list: 06/01 12:39:43 Session ID: 9393CF8 06/01 12:39:43 Session ID: 91F0558 06/01 12:39:43 Sign object handle: 0x91F1CC8 06/01 12:39:43 -C_SignInit : end RV(0x0) 06/01 12:39:43 +C_Sign : start 06/01 12:39:43 Output buffer len: 127 06/01 12:39:43 Active session list: 06/01 12:39:43 Session ID: 9393CF8 06/01 12:39:43 Session ID: 91F0558 06/01 12:39:43 (p11x_log.c 52): error: 0x150 "CKR_BUFFER_TOO_SMALL" 06/01 12:39:43 -C_Sign : end RV(0x150) 06/01 12:39:43 +C_CloseSession : start
where the problem might be ...
Dave
On Jan 6, 2005, at 12:57 PM, Micahel Olson wrote:
Thank you, that definitely generated some information. I'm not getting much from it initially so I'm trying to look at the code and figure it now. (If you have the time/inclination to peek at it, http://www.cs.odu.edu/~olson/CAC/ )------------------------------------------------------------------------ ------------
I see that there are differences between running it with the bsiPlugin vs commonAccessCard but nothing obvious appears. Which one should I be using? I would prefer to be operational using commonAccessCard since it's open source.
Thanks Again, Michael
David Corcoran wrote:
Michael,
I would suggest using the pkcs11rc file (contained in the PKCS#11 code) and turning logging to LOW (log low priority messages)
This will create a PKCS11.log file which can be used to determine the problem ...
bsiPlugin.bundle and commonAccessCard.bundle are two different animals - although they have similar API's .....
Thanks, Dave
On Jan 6, 2005, at 10:49 AM, Michael Olson wrote:
I'm trying to get a CAC card in use under Fedora Core 3.
What I'd like to get going altogether is
Working on Web Client Side Authentication first, I have an ActiveCard USB Reader (v2) and a Schlumberger Access 32K V2.
Using PCSC-Lite 1.2.0 and CCID 0.4.1 I seem to have no problems reading the card. I can see it inserted and get my ATR.
I built commonAccessCard.bundle from Darwin and muscleframework 1.1.5, associated it with bundleTool and XCardII 0.9.9 can see the card.
Next up I built libmusclepkcs11.so and loaded it into FireFox 1.0 and tried hitting a client side authenticated page. It prompted me to unlock the card, accepted my pin, and then gave me a list of certificates to use.
This is where things stopped working though. I tried all the certificates listed but can not view the page. (Error establishing an encrypted connection to xxx.navy.mil. Error Code: -12222.)
I tried using bsiPlugin.bundle from ActiveCard Gold 1.0. It seems to work pretty much identically to commonAccessCard.bundle so I also tried using libpkcs11.so with it. Firefox wouldn't even load it.
I've switched back to commonAccessCard.bundle and libmusclepkcs11.so but have no idea what to do to debug things at this point.
Any recommendations?
Thank You, Michael
---------------------------------------------------------------------- -- ------------
David Corcoran [EMAIL PROTECTED]
Identity Alliance http://www.identityalliance.com
Smart Cards, Biometrics, Training, Identity Management
---------------------------------------------------------------------- -- -------------
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
David Corcoran [EMAIL PROTECTED]
Identity Alliance http://www.identityalliance.com
Smart Cards, Biometrics, Training, Identity Management
------------------------------------------------------------------------ -------------
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
