G'day,

If I use pkcs11-tool, configured with libmusclepkcs11.so, to store a certificate and a private key on a card, then perform a lookup of the objects on the card, it seems that additional public and private key objects are added to the card by libmusclepkcs11.so.

For example, if I put a certificate and a private key on a card, then muscleTool shows the following objects:

muscle [MuscleCard Applet] > list
           Object ID  Object Size     READ   WRITE   DELETE
   -----------------  -----------    ------  ------  ------
                  k5          512    ALWAYS  PIN #1  PIN #1
                  k4          512    PIN #1  PIN #1  PIN #1
                  c0          512    ALWAYS  PIN #1  PIN #1
                  C0          646    ALWAYS  PIN #1  PIN #1

The certificate is represented by {c0,C0}, and the private key by {k4,k5}.

But if I then use pkcs11-tool (configured to use libmusclepkcs11.so) to view the card contents, this is what gets listed:

Certificate Object, type = X.509 cert
  label:      user-cert
  ID:         1234

Public Key Object; unknown key algorithm 134532164
  ID:         1234
  Usage:      encrypt, verify, wrap

Private Key Object; RSA
  label:      user-key
  ID:         1234
  Usage:      decrypt, sign, unwrap

Public Key Object; RSA 134564297 bits
  label:
  ID:         4b45593030303030303030303030303030303033
  Usage:      encrypt, verify, wrap

Private Key Object; RSA
  label:
  ID:         4b45593030303030303030303030303030303032
  Usage:      decrypt, sign, unwrap

Public Key Object; RSA 134564297 bits
  label:
  ID:         4b45593030303030303030303030303030303031
  Usage:      encrypt, verify, wrap

Private Key Object; RSA
  label:
  ID:         4b45593030303030303030303030303030303030
  Usage:      decrypt, sign, unwrap
NOTE: lots of messages such as "warning: PKCS11 function C_GetAttributeValue(ENCRYPT) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)" have been removed from the above. Key usage attributes are not explicitly created by pkcs11-tool, so I'm assuming these attributes don't exist and have no default value, so that getting their value is an error?

There's quite a few new objects listed above, as revealed by using muscleTool:

muscle [MuscleCard Applet] > list
           Object ID  Object Size     READ   WRITE   DELETE
   -----------------  -----------    ------  ------  ------
                  k3          512    ALWAYS  PIN #1  PIN #1
                  k2          512    PIN #1  PIN #1  PIN #1
                  k1          512    ALWAYS  PIN #1  PIN #1
                  k0          512    PIN #1  PIN #1  PIN #1
                  k5          512    ALWAYS  PIN #1  PIN #1
                  k4          512    PIN #1  PIN #1  PIN #1
                  c0          512    ALWAYS  PIN #1  PIN #1
                  C0          646    ALWAYS  PIN #1  PIN #1

New key objects k0, k1, k2, and k4 have been created.

So: why have these new key objects been created by libmusclepkcs11.so in the process of the lookup, and should these objects have been created by pkcs11-tool in the first place?

-- Geoff
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
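As an added example (not part of Geoff's mail, and not MuscleCard or OpenSC code): a small Python parser for a pkcs11-tool listing like the one above that decodes hex CKA_IDs to ASCII where they are printable, flags attribute values that cannot be right (an unknown mechanism number, or an RSA size above an assumed 16384-bit ceiling), and reports the IDs under which every object is unlabelled, which is a quick way to separate what pkcs11-tool wrote from what the module added. The sample listing is constructed from the mail with the Usage lines dropped.

```python
import re
# Constructed sample: the pkcs11-tool listing from the mail, trimmed (Usage and empty label lines dropped)
LISTING = """\
Certificate Object, type = X.509 cert
  label:      user-cert
  ID:         1234

Public Key Object; unknown key algorithm 134532164
  ID:         1234

Private Key Object; RSA
  label:      user-key
  ID:         1234

Public Key Object; RSA 134564297 bits
  ID:         4b45593030303030303030303030303030303033
"""
HEADER = re.compile(r"^(Certificate|Public Key|Private Key) Object[,;]\s*(.*)$")
MAX_RSA_BITS = 16384  # assumed ceiling: no smart card holds a modulus larger than this

def decode_id(hex_id):
    # CKA_ID is an opaque byte string; show it as text only if every byte is printable ASCII
    try:
        raw = bytes.fromhex(hex_id)
    except ValueError:
        return None
    return raw.decode("ascii") if raw and all(32 <= b < 127 for b in raw) else None

def is_suspicious(detail):
    # attribute values that cannot be right: an unknown mechanism, or an impossible RSA size
    m = re.search(r"RSA (\d+) bits", detail)
    return "unknown key algorithm" in detail or bool(m and int(m.group(1)) > MAX_RSA_BITS)

def parse_listing(text):
    # one dict per object: kind, detail, label, id (hex as printed), id_ascii, suspicious
    objs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            objs.append({"kind": m.group(1), "detail": m.group(2), "label": "", "id": ""})
        elif objs and ":" in line:
            key, _, val = line.strip().partition(":")
            if key in ("label", "ID"):
                objs[-1][key.lower()] = val.strip()
    return [dict(o, id_ascii=decode_id(o["id"]), suspicious=is_suspicious(o["detail"])) for o in objs]

def unlabelled_ids(objs):
    # IDs under which every object is unlabelled: pkcs11-tool labelled what it wrote, so these are extras
    labelled = {o["id"] for o in objs if o["label"]}
    return sorted({o["id"] for o in objs if o["id"] not in labelled})
```

Note that the extra public key under ID 1234 shares its ID with the labelled objects, so only the attribute check catches it, while the "KEY000..." objects are caught by the label check.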