HOW DO I GET OFF THIS MESSAGE BOARD???????????????????? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Micahel Olson Sent: Thursday, January 06, 2005 11:00 AM To: MUSCLE Subject: Re: [Muscle] CAC - Almost there
I grabbed PKCS11 via CVS and built it. There are defiantly some difference in the error logs (I posted them on http://www.cs.odu.edu/~olson/CAC/ with the others) but the CKR_BUFFER_TOO_SMALL errors remain. Tried it with both bundles as well. Thanks, Michael David Corcoran wrote: > Michael, > > Try pulling the latest PKCS11 from: > > muscleapps.alioth.debian.org > > There is a fix in there that deals with key lengths that might be the > culprit. I see: > > 06/01 12:39:43 +C_SignInit : start > 06/01 12:39:43 Active session list: > 06/01 12:39:43 Session ID: 9393CF8 > 06/01 12:39:43 Session ID: 91F0558 > 06/01 12:39:43 Sign object handle: 0x91F1CC8 > 06/01 12:39:43 -C_SignInit : end RV(0x0) > 06/01 12:39:43 +C_Sign : start > 06/01 12:39:43 Output buffer len: 127 > 06/01 12:39:43 Active session list: > 06/01 12:39:43 Session ID: 9393CF8 > 06/01 12:39:43 Session ID: 91F0558 > 06/01 12:39:43 (p11x_log.c 52): error: 0x150 "CKR_BUFFER_TOO_SMALL" > 06/01 12:39:43 -C_Sign : end RV(0x150) > 06/01 12:39:43 +C_CloseSession : start > > where the problem might be ... > > Dave > > > On Jan 6, 2005, at 12:57 PM, Micahel Olson wrote: > >> Thank you, that definitely generated some information. I'm not >> getting much from it initially so I'm trying to look at the code and >> figure it now. (If you have the time/inclination to peek at it, >> http://www.cs.odu.edu/~olson/CAC/ ) >> >> I see that there are differences between running it with the >> bsiPlugin vs commonAccessCard but nothing obvious appears. Which one >> should I be using? I would prefer to be operational using >> commonAccessCard since it's open source. >> >> Thanks Again, >> Michael >> >> David Corcoran wrote: >> >>> Michael, >>> >>> I would suggest using the pkcs11rc file (contained in the PKCS#11 >>> code) and turning logging to LOW (log low priority messages) >>> This will create a PKCS11.log file which can be used to determine >>> the problem ... >>> >>> bsiPlugin.bundle and commonAccessCard.bundle are two different >>> animals - although they have similar API's ..... >>> >>> Thanks, >>> Dave >>> >>> >>> On Jan 6, 2005, at 10:49 AM, Michael Olson wrote: >>> >>>> I'm trying to get a CAC card in use under Fedora Core 3. >>>> >>>> What I'd like to get going altogether is >>>> >>>> Working on Web Client Side Authentication first, I have >>>> an ActiveCard USB Reader (v2) and a Schlumberger Access 32K V2. >>>> >>>> Using PCSC-Lite 1.2.0 and CCID 0.4.1 I seem to have no >>>> problems reading the card. I can see it inserted and get my ATR. >>>> >>>> I built commonAccessCard.bundle from Darwin and >>>> muscleframework 1.1.5, associated it with bundleTool and >>>> XCardII 0.9.9 can see the card. >>>> >>>> Next up I built libmusclepkcs11.so and loaded it into >>>> FireFox 1.0 and tried hitting a client side authenticated >>>> page. It prompted me to unlock the card, accepted my pin, >>>> and then gave me a list of certificates to use. >>>> >>>> This is where things stopped working though. I tried all the >>>> certificates listed but can not view the page. (Error establishing >>>> an encrypted connection to xxx.navy.mil. Error Code: -12222.) >>>> >>>> I tried using bsiPlugin.bundle from ActiveCard Gold 1.0. It seems >>>> to work pretty much identically to commonAccessCard.bundle so I >>>> also tried using libpkcs11.so with it. Firefox wouldn't even load it. >>>> >>>> I've switched back to commonAccessCard.bundle and libmusclepkcs11.so >>>> but have no idea what to do to debug things at this point. >>>> >>>> Any recommendations? >>>> >>>> Thank You, >>>> Michael >>> >>> >>> ---------------------------------------------------------------------- >>> -- ------------ >>> David Corcoran [EMAIL PROTECTED] >>> Identity Alliance http://www.identityalliance.com >>> >>> Smart Cards, Biometrics, Training, Identity Management >>> ---------------------------------------------------------------------- >>> -- ------------- >> > ------------------------------------------------------------------------ > ------------ > David Corcoran [EMAIL PROTECTED] > Identity Alliance http://www.identityalliance.com > > Smart Cards, Biometrics, Training, Identity Management > ------------------------------------------------------------------------ > ------------- _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
