[OCF] =?big5?B?UkU6IFtPQ0ZdICBTaWduaW5nIGRhdGEgdXNpbmcgR1BLODAwMCBjYXJk?=

Sun, 04 Mar 2001 23:42:22 -0800 


Thanks for your information! 

Actually I also planned to roll my own card issuance program using OCF but I need to 
deal with existing cards that are formatted by PKCS#11,  that's why I cannot use "raw 
GPK8000 card"... I also evaluated the java wrapper from IBM. It works great with 
Rainbow iKey(dkck232.dll) and GemSAFE cards(pk2priv.dll) loaded with a pair of keys 
and certificate from VeriSign, but whenever I run the test program "Demo1" with 
GemSAFE card formatted by Netscape's PKCS#11, it always throws the following exception:

Exception in thread "main" com.ibm.pkcs11.PKCS11Exception: The token was not recognized
        at com.ibm.pkcs11.nat.NativePKCS11Slot.getTokenInfo(Native Method)
        at Demo1.main(Demo1.java:33)

I also used Netscape 4.76 to load the same pair of RSA keys and certificate(issued by 
the local CA, not VeriSign) to iKey. The test program "Demo1" completed successfully, 
though.


Sincerely,
Mike

>Sorry Mike. You can stop working on signing using GPK card services & GemSAFE Cards.
>
>If you read the first record of a public key file(say 0200:0007), it may read 
>something like 00 00 80 8A 00 00 AF. The byte 0x80 => that all the crypto operations 
>which use the private key are protected by not 1 but 2 secret codes(the user PIN, and 
>the 'Hidden PIN'). Since your application(you) has no knowledge of this, it can't do 
>a 'select cyrpto context' and hence no signing.
>
>To solve your problems, you have to follow one of the following approach:
>(1) Use 'raw GPK8000 cards' with no PKCS#11 flavour
>(2) Use a java wrapper for PKCS#11 (say, from www.alphaworks.ibm.com. license is your 
>baby..)
>
>Warm Regards
>
>----------
>The man who goes alone can start today; 
>but he who travels with another must wait till that other is ready. 
>- Henry David Thoreau






---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/

! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
!                           [EMAIL PROTECTED]
! containing the word
!                           unsubscribe 
! in the body.

Reply via email to