Ralf Schlatterbeck ha scritto: > I now have successfully built and loaded the muscle applet onto my > Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2) > > I can -- using opensc tools -- build a pkcs15 structure on the card, > erase, initalize, set an ID and generate a key. But when I try to > use the card with pkcs11 and openssl I'm getting errors (see below). > I'm using the opensc-pkcs11 library. > > Should I use another pkcs11 lib that is more specific to muscle? > > Or any hints on what might be wrong with my configuration/card/etc? > > Working: > pkcs15-init -E --create-pkcs15 --no-so-pin > pkcs15-init --store-pin --auth-id 01 --label "User Name" > pkcs15-tool --list-pins > pkcs15-init --generate-key rsa/1024 --auth-id 01 > #(or alternatively a 2048 bit key) > pkcs15-tool --list-keys > pkcs15-tool --list-public-keys > > Errors: > % openssl req -days 3650 -new -out $CLIENT.csr -config openssl.cnf -engine > pkcs11 -keyform engine -key 0:45 -sha1 > engine "pkcs11" set. > [opensc-pkcs11] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=02 > [opensc-pkcs11] sec.c:201:sc_pin_cmd: returning with: Card command failed > Login failed > PKCS11_get_private_key returned NULL > unable to load Private Key > 18987:error:80005005:Vendor defined:PKCS11_login:General Error:p11_slot.c:145: > 18987:error:26096080:engine routines:ENGINE_load_private_key:failed loading > private key:eng_pkey.c:114: > > pkcs11-tool in testing mode looks good, note that I don't think > I've compiled in the MD5 stuff in the MCardApplet. > > % pkcs11-tool -l -t > Please enter User PIN: > C_SeedRandom() and C_GenerateRandom(): > not implemented > Digests: > all 4 digest functions seem to work > MD5: OK > SHA-1: OK > RIPEMD160: OK > Signatures (currently only RSA signatures) > testing key 0 (Private Key) > all 4 signature functions seem to work > testing signature mechanisms: > RSA-X-509: OK > RSA-PKCS: OK > SHA1-RSA-PKCS: OK > MD5-RSA-PKCS: OK > RIPEMD160-RSA-PKCS: OK > Verify (currently only for RSA): > testing key 0 (Private Key) > RSA-X-509: OK > RSA-PKCS: OK > SHA1-RSA-PKCS: OK > MD5-RSA-PKCS: OK > RIPEMD160-RSA-PKCS: OK > Key unwrap (RSA) > testing key 0 (Private Key) -- can't be used to unwrap, skipping > Decryption (RSA) > testing key 0 (Private Key) -- can't be used to decrypt, skipping > Testing card detection > Please press return to continue, x to exit: > Available slots: > Slot 0 Gemplus GemPC Key 00 00 > token label: MUSCLE (Ralf Schlatterbeck) > token manuf: Identity Alliance > token model: PKCS #15 SCard > token flags: rng, login required, PIN initialized, token initialized > serial num : 0000 > [...] > > Thanks, Ralf >
Did u format the applet? _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
