SORRY FOR THE LAST UNFINISHED MAIL, IT WAS DONE BY ACCIDENT! ------------------------------------------------------------------------ ---------------------------------------
Hi, This sounds very good so I tried to use it. Here are the steps I have done: 1. I have installed the Sun PKCS#11 provider by adding: security.provider.7=sun.security.pkcs11.SunPKCS11 c:/projekti/pki/musclePKCS11.cfg ...to the java.security file in C:\Program Files\Java\jre1.5.0_04\lib\security 2. I have created musclePKCS11.cfg file and set: name = musclePKCS11 library = c:/windows/system32/idap11shim.dll (here I have used the PKCS11 module from ID Ally because I know it works with my JCOP card. There is also idap11.dll file listed in registry as a PKCS11BaseModule but I have read somewhere to use the first one) 3. I have run the keytool: a) keytool -keystore NONE -storetype PKCS11 -list, I entered the PIN for the keystore password and I got: Keystore type: PKCS11 Keystore provider: SunPKCS11-musclePKCS11 Your keystore contains 0 entries b) keytool -keystore NONE -storetype PKCS11 -genkey -dname "CN=dgambin,OU=LS,O=GP,C=HR" -alias dgambin, but I got: keytool error: java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS 11Exception: CKR_FUNCTION_FAILED I can't enable logging/debugging for ID Ally PKCS#11 although they say it is supported by modifying the registry. I have enabled it by setting "Logging" to 1 in registry (HKLM\SOFTWARE\Identity Alliance\AuthShim) but I get no log anywhere... Any help? thanks very much regards, dejan > -----Original Message----- > From: Karsten Ohme [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 03, 2006 3:29 PM > To: Gambin Dejan > Subject: Re: PKCS#11 Windows build > > Gambin Dejan wrote: > > Thanks Karsten, > > > > I have finally built the stable PKCS#11 dll using your development > > environment. A few things had to be changed but it > succeeded. I had to > > make musclecard.dll also but still opensc pkcs11-tool doesn't work > > with this. I suppose I have to make the stable MuscleCard > Plugin also > > so I'll give it a try. Can you just tell me if you think > there is any > > chance to make pkcs11-tool work with this (just your opinion). As I > > told you, I have to find a way to generate the keypair and cert > > request from the card. I have even tried to use openssl with > > engine-pkcs11 form opensc ans set musclecard pkcs11 instead > of opensc > > one. But this doesn't work either > > I have never tried this way. What might work is to use > keytool from Java together with the PKCS#11 module from Sun. > > Karsten > > > > regards, dejan > > > > > >>-----Original Message----- > >>From: Karsten Ohme [mailto:[EMAIL PROTECTED] > >>Sent: Monday, October 02, 2006 9:19 PM > >>To: Gambin Dejan > >>Cc: 'MUSCLE' > >>Subject: Re: PKCS#11 Windows build > >> > >>Dejan Gambin wrote: > >> > >>>Karsten, > >>> > >>>Can you (or maybe someone else) tell me what is the most > >> > >>simple way to > >> > >>>build the Muscle stable PKCS#11 module on Windows? I tried > >> > >>to use your > >> > >>>developer version .mak file with the stable source code but > >> > >>I didn't have success. > >> > >>>Probably many things have to be changed...? > >> > >>No, nothing is changed. The files are the same. Should work. > >>Use the PKCS11.mak and post the errors. Or use the sln file > for Visual > >>Studio. > >>Follow the same instructions like mentioned in my README of > >>libmusclecard. The PKCS11 should complain, if something is missing. > >> > >>Karsten > >> > >> > >>>I have tried using ID Ally PKCS#11 dll (idap11shim.dll or > >> > >>idap11.dll I > >> > >>>don't know the differences so I tried both) with OpenSC > >> > >>pkcs11-tool as > >> > >>>I have been told on the OpenSC list that it might work with > >> > >>non-OpenSC > >> > >>>PKCS#11 module...but I get many things unsupported as a > result of a > >>>pkcs11-tool test (C_SeedRandom, C_GenerateRandom, digests not > >>>implemented, signatures not implemented, etc). Is it worth > >> > >>trying anyway? > >> > >>>dejan > >>> > >> > >> > > _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
