Hi,
Ralf Schlatterbeck wrote:
I now have successfully built and loaded the muscle applet onto my
Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2)
Good to hear :)
I can -- using opensc tools -- build a pkcs15 structure on the card,
erase, initalize, set an ID and generate a key. But when I try to
use the card with pkcs11 and openssl I'm getting errors (see below).
I'm using the opensc-pkcs11 library.
Should I use another pkcs11 lib that is more specific to muscle?
Or any hints on what might be wrong with my configuration/card/etc?
Working:
pkcs15-init -E --create-pkcs15 --no-so-pin
pkcs15-init --store-pin --auth-id 01 --label "User Name"
pkcs15-tool --list-pins
pkcs15-init --generate-key rsa/1024 --auth-id 01
#(or alternatively a 2048 bit key)
pkcs15-tool --list-keys
pkcs15-tool --list-public-keys
Errors:
% openssl req -days 3650 -new -out $CLIENT.csr -config openssl.cnf -engine
pkcs11 -keyform engine -key 0:45 -sha1
engine "pkcs11" set.
[opensc-pkcs11] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=02
[opensc-pkcs11] sec.c:201:sc_pin_cmd: returning with: Card command failed
Login failed
0x9C02 is "Auth Failed". Are you sure you have entered the correct PIN?
Try this, just to be sure: set all PINs (including the ones in
pkcs15-init) to 00000000. Then try the same operation. If it works, I
think I know the solution.
<snip>
João
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
