On Sun, 09-01-2005 at 10:00 +0200, Vladimir Beker wrote:
> It depends on what exactly you need to do. Since eToken
> Pro is actually a smartcard (like most USB tokens in the
> world, I guess), there is no such thing as getting the whole
> information from it: it is impossible to get keys from the
> card.
> I guess that you have an eToken Pro prepared to work with some
> software and want to get access to the relevant objects.
> If you have the eToken prepared with some PKCS#11 library, use
> the same library to get the objects. If we are talking about opensc,
> I guess it is PKCS#15 compliant, so you may try to parse it
> yourself. If it is prepared with the PKCS#11 module provided by
> Aladdin itself, it uses a proprietary format.
Vladimir.
Thanks for your reply.
Following your advice and David's and Andreas's advice, I formatted
the eToken with the eToken utility for Windows and finally installed
the opensc and openct programs with no trouble.
Following opensc's QUICKSTART, I successfully executed the
commands:
# pkcs15-init --create-pkcs15
# pkcs15-init --store-pin --auth-id 01 --label "Rodrigo Henriquez"
# pkcs15-init --generate-key rsa/1024 --auth-id 01
No trouble at this point. The problem began when I tried to create
the RSA key:
OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/opensc/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/opensc/engine_pkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Success]: LOAD
Loaded: (pkcs11) pkcs11 engine
OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem -text -x509
Debug: connect() failed: No such file or directory
Debug: connect() failed: No such file or directory
Debug: connect() failed: No such file or directory
Debug: connect() failed: No such file or directory
engine "pkcs11" set.
Debug: connect() failed: No such file or directory
Debug: connect() failed: No such file or directory
Debug: connect() failed: No such file or directory
Debug: connect() failed: No such file or directory
Debug: connect() failed: No such file or directory
SmartCard PIN:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CL
State or Province Name (full name) [Berkshire]:Santiago
Locality Name (eg, city) [Newbury]:Santiago
Organization Name (eg, company) [My Company Ltd]:Corp. Linux S.A.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:[EMAIL PROTECTED]
Segmentation fault
^^^^^^^^^^^^^^^^^^
I did a "strace openssl" and executed the same commands, but I didn't
find anything relevant:
write(2, "You are about to be asked to ent"..., 73You are about to be asked to enter information that will be incorporated
) = 73
write(2, "into your certificate request.\n", 31into your certificate request.
) = 31
write(2, "What you are about to enter is w"..., 76What you are about to enter is what is called a Distinguished Name or a DN.
) = 76
write(2, "There are quite a few fields but"..., 58There are quite a few fields but you can leave some blank
) = 58
write(2, "For some fields there will be a "..., 47For some fields there will be a default value,
) = 47
write(2, "If you enter \'.\', the field will"..., 48If you enter '.', the field will be left blank.
) = 48
write(2, "-----\n", 6-----
) = 6
write(2, "Country Name (2 letter code) [GB"..., 34Country Name (2 letter code) [GB]:) = 34
read(0, CL
"CL\n", 1024) = 3
write(2, "State or Province Name (full nam"..., 47State or Province Name (full name) [Berkshire]:) = 47
read(0, Santiago
"Santiago\n", 1024) = 9
write(2, "Locality Name (eg, city) [Newbur"..., 35Locality Name (eg, city) [Newbury]:) = 35
read(0, Santiago
"Santiago\n", 1024) = 9
write(2, "Organization Name (eg, company) "..., 49Organization Name (eg, company) [My Company Ltd]:) = 49
read(0, Corp. Linux S.A.
"Corp. Linux S.A.\n", 1024) = 17
write(2, "Organizational Unit Name (eg, se"..., 42Organizational Unit Name (eg, section) []:) = 42
read(0, Ingenieria
"Ingenieria\n", 1024) = 11
write(2, "Common Name (eg, your name or yo"..., 57Common Name (eg, your name or your server's hostname) []:) = 57
read(0, corporacionlinux.cl
"corporacionlinux.cl\n", 1024) = 20
write(2, "Email Address []:", 17Email Address []:) = 17
read(0, [EMAIL PROTECTED]
"[EMAIL PROTECTED]", 1024) = 22
time([1105294788]) = 1105294788
open("/etc/localtime", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=890, ...}) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=890, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf6f56000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0"..., 4096) = 890
close(4) = 0
munmap(0xf6f56000, 4096) = 0
time([1105294788]) = 1105294788
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV (core dumped) +++
After that, I ran gdb to see what was happening, but it just says
this:
[EMAIL PROTECTED] rhenriqu]# gdb -c core.11531
GNU gdb Red Hat Linux (6.1post-1.20040607.43rh)
This GDB was configured as "i386-redhat-linux-gnu".
Core was generated by `openssl'.
Program terminated with signal 11, Segmentation fault.
#0 0x419ff569 in ?? ()
I was googling but I didn't find anything useful or relevant.
FYI I'm using FC3, openct-0.6.2, opensc-0.9.4 and openssl-0.9.7a-40.
opensc and openct were compiled in this way:
openct:
# ./configure --prefix=/usr --sysconfdir=/etc
OpenCT has been configured with the following options
User binaries: ${exec_prefix}/bin
Configuration files: /etc
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -Wall -g -O2
Preprocessor flags: -I${top_builddir}/src/include -I
${top_srcdir}/src/include
Linker flags:
Libraries: -lpthread
PC/SC support: no
Libusb used: yes
After doing all the steps, I have:
[EMAIL PROTECTED] openct-20050108]# ps -fea | grep ifd
root 5538 1 0 11:03 ? 00:00:00 /usr/sbin/ifdhandler -H etoken /proc/bus/usb/003/005
[EMAIL PROTECTED] openct-20050108]# openct-control status
No. Name Info
===================================================
0 Aladdin eToken PRO slot0: card present
[EMAIL PROTECTED] ~]# openct-tool -r 0 atr
Detected Aladdin eToken PRO
Card present, status changed
ATR: 3b e2 00 ff c1 10 31 fe 55 c8 02 9c
opensc:
[EMAIL PROTECTED] opensc]# ./configure --prefix=/usr --sysconfdir=/etc
OpenSC has been configured with the following options
User binaries: /usr/bin
Configuration files: /etc
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -Wall -fno-strict-aliasing -g -O2
Preprocessor flags: -I${top_builddir}/src/include
Linker flags:
Libraries: -lpthread
Random number collection: device (/dev/urandom)
OpenSSL support: yes
with engine: yes
with sslhack: yes
PC/SC support: no
OpenCT support: yes
Assuan support: no
LDAP support: yes
PAM support: yes
[EMAIL PROTECTED] ~]# opensc-tool --list-readers
Readers known about:
Nr. Driver Name
0 openct Aladdin eToken PRO
1 openct OpenCT reader (detached)
2 openct OpenCT reader (detached)
3 openct OpenCT reader (detached)
4 openct OpenCT reader (detached)
My card is:
[EMAIL PROTECTED] tests]# cardos-info
Info : CardOS/M4.0 (C) Siemens AG 1994-1999 (Feb 15 2000)
Chip type: 20
Serial number: 13 bb 97 0f 1e 08
Full prom dump:
33 FF EB 31 FF FF FF FF 14 65 13 BB 97 0F 1E 08 3..1.....e......
00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
OS Version: 200.2 (that's CardOS M4.0)
Current life cycle: 32 (administration)
Security Status of current DF:
Free memory : 1024
ATR Status: 0x0 ROM-ATR
Packages installed:
01 04 01 01 C8 02 01 04 08 01 C8 02 01 04 03 01 ................
C8 02 01 04 0B 01 C8 02 01 04 07 03 C8 02 ..............
Ram size: 1024, Eeprom size: 16384, cpu type: 66, chip config: 61
Free eeprom memory: 5635
System keys: PackageLoadKey (version 1, retries 10)
System keys: StartKey (version 1, retries 10)
Path to current DF:
Any clues?
Thank you so much for your time and patience.
Regards.
--
Rodrigo Henriquez M. http://www.corporacionlinux.cl
Corporacion Linux S.A. Fonos: 02 2442988 - 02 2444250
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle