Re: [Muscle] pkcs11?

Thu, 03 Dec 2009 14:16:54 -0800 

Just my 2 cents, muscleTool on debian does not like my muscle applet cards
too. they have the a0 000000 0101 aid.

My solution to on card cryptography was to buy some cryptoflex which are
realy pkcs15 cards :( too bad.

Seb

On Thu, Dec 3, 2009 at 11:13 PM, João Poupino <[email protected]>wrote:

> Hi,
>
>
> Ralf Schlatterbeck wrote:
>
>> I now have successfully built and loaded the muscle applet onto my
>> Gemalto TOP IM FIPS CY2 (Cyberflex  Access 64k v2)
>>
>
> Good to hear :)
>
>
>
>> I can -- using opensc tools -- build a pkcs15 structure on the card,
>> erase, initalize, set an ID and generate a key. But when I try to
>> use the card with pkcs11 and openssl I'm getting errors (see below).
>> I'm using the opensc-pkcs11 library.
>>
>> Should I use another pkcs11 lib that is more specific to muscle?
>>
>> Or any hints on what might be wrong with my configuration/card/etc?
>>
>> Working:
>> pkcs15-init -E --create-pkcs15 --no-so-pin
>> pkcs15-init --store-pin --auth-id 01 --label "User Name"
>> pkcs15-tool --list-pins
>> pkcs15-init --generate-key rsa/1024 --auth-id 01
>> #(or alternatively a 2048 bit key)
>> pkcs15-tool --list-keys
>> pkcs15-tool --list-public-keys
>>
>> Errors:
>> % openssl req -days 3650 -new -out $CLIENT.csr -config openssl.cnf -engine
>> pkcs11 -keyform engine -key 0:45 -sha1
>> engine "pkcs11" set.
>> [opensc-pkcs11] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C,
>> SW2=02
>> [opensc-pkcs11] sec.c:201:sc_pin_cmd: returning with: Card command failed
>> Login failed
>>
>
> 0x9C02 is "Auth Failed". Are you sure you have entered the correct PIN?
>
> Try this, just to be sure: set all PINs (including the ones in pkcs15-init)
> to 00000000. Then try the same operation. If it works, I think I know the
> solution.
>
> <snip>
>
> João
>
> _______________________________________________
> Muscle mailing list
> [email protected]
> http://lists.drizzle.com/mailman/listinfo/muscle
>

_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to