I now have successfully built and loaded the muscle applet onto my
Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2).
I can -- using opensc tools -- build a pkcs15 structure on the card,
erase, initialize, set an ID and generate a key. But when I try to
use the card with pkcs11 and openssl I'm getting errors (see below).
I'm using the opensc-pkcs11 library.
Should I use another pkcs11 lib that is more specific to muscle?
Or any hints on what might be wrong with my configuration/card/etc?

Working:
pkcs15-init -E --create-pkcs15 --no-so-pin
pkcs15-init --store-pin --auth-id 01 --label "User Name"
pkcs15-tool --list-pins
pkcs15-init --generate-key rsa/1024 --auth-id 01
#(or alternatively a 2048 bit key)
pkcs15-tool --list-keys
pkcs15-tool --list-public-keys

Errors:
% openssl req -days 3650 -new -out $CLIENT.csr -config openssl.cnf -engine pkcs11 -keyform engine -key 0:45 -sha1
engine "pkcs11" set.
[opensc-pkcs11] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=02
[opensc-pkcs11] sec.c:201:sc_pin_cmd: returning with: Card command failed
Login failed
PKCS11_get_private_key returned NULL
unable to load Private Key
18987:error:80005005:Vendor defined:PKCS11_login:General Error:p11_slot.c:145:
18987:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:eng_pkey.c:114:

pkcs11-tool in testing mode looks good, note that I don't think
I've compiled in the MD5 stuff in the MCardApplet.
% pkcs11-tool -l -t
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
not implemented
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only RSA signatures)
testing key 0 (Private Key)
all 4 signature functions seem to work
testing signature mechanisms:
RSA-X-509: OK
RSA-PKCS: OK
SHA1-RSA-PKCS: OK
MD5-RSA-PKCS: OK
RIPEMD160-RSA-PKCS: OK
Verify (currently only for RSA):
testing key 0 (Private Key)
RSA-X-509: OK
RSA-PKCS: OK
SHA1-RSA-PKCS: OK
MD5-RSA-PKCS: OK
RIPEMD160-RSA-PKCS: OK
Key unwrap (RSA)
testing key 0 (Private Key) -- can't be used to unwrap, skipping
Decryption (RSA)
testing key 0 (Private Key) -- can't be used to decrypt, skipping
Testing card detection
Please press return to continue, x to exit:
Available slots:
Slot 0 Gemplus GemPC Key 00 00
token label: MUSCLE (Ralf Schlatterbeck)
token manuf: Identity Alliance
token model: PKCS #15 SCard
token flags: rng, login required, PIN initialized, token initialized
serial num : 0000
[...]
Thanks, Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting Fax: +43/2243/26465-23
Reichergasse 131 www: http://www.runtux.com
A-3411 Weidling email: [email protected]
osAlliance member email: [email protected]