On Monday 24 April 2006 23:29, Chaskiel Grundman wrote:
> On Mon, 24 Apr 2006, Justin Karneges wrote:
> > Alright, I decided to pick up an ITSEC-I model so that I'd at least have
> > a working card. Sadly, and many dollars later, I can't get this one to
> > work either. :( pkcs11-tool reports a lot of errors when I try to use
> > --show-info, for example. --list-objects does not work, nor does
> > --init-token.
>
> Did you try using pkcs15-init -C instead of pkcs11-tool --init-token? I
> don't have any experience with the latter.
Ok, it seems the problem was a missing opensc.conf. Maybe this is what the
errors meant about missing files.
Alright, here's what I've tried:
# pkcs15-init -C
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
I didn't type an SO pin, I just hit return. I guess this initialized the
card. I then tried with pkcs11-tool --init-token, but got an error:
# pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so --init-token --label
AnotherCryptoCombo
Please enter the new SO PIN:
Please enter the new SO PIN (again):
error: PKCS11 function C_InitToken failed: rv = CKR_FUNCTION_NOT_SUPPORTED
(0x54)
Aborting.
I then wanted to go back and get an SO pin, since it is probably a bad idea
not to have one. So here I go:
# pkcs15-init -C
New Security Officer PIN (Optional - press return for no PIN).
Please enter Security Officer PIN:
PIN too short (min 6 characters)
Please enter Security Officer PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
card-cardos.c:225:cardos_check_sw: invalid parameters in data field
card.c:376:sc_create_file: returning with: Incorrect parameters in APDU
Failed to create PKCS #15 meta structure: Incorrect parameters in APDU
Hmmmmm.
Well, the filesystem otherwise seems to work:
# pkcs15-init -X justin.pem
No errors.
# pkcs15-tool -c
X.509 Certificate [Certificate]
Flags : 2
Authority: no
Path : 3f0050153149
ID : 45
# pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so --list-objects
Certificate Object, type = X.509 cert
label: Certificate
ID: 45
Public Key Object; RSA 1024 bits
label: Certificate
ID: 45
Usage: encrypt, verify
# pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so --list-slots
Available slots:
Slot 0 Eutron CryptoIdendity
token label: OpenSC Card
token manuf: OpenSC Project
token model: PKCS #15 SCard
token flags: PIN initialized, token initialized
serial num : 24727B081231
Slot 1 (empty)
Slot 2 (empty)
Slot 3 (empty)
Slot 4 (empty)
Slot 5 (empty)
Slot 6 (empty)
Slot 7 (empty)
This seems to be a good indication that opensc did play a part in the
initialization, since the token label is set to "OpenSC Card". However, the
token manufacturer and token model have terrible values. Can I set these
somehow?
Do I really have a pin? I wasn't even prompted for it when I imported the
cert.
I also wonder if my card was already initialized when I received it. The
packaging had an SO PIN and User PIN on a sticker, but I haven't used those
yet.
-Justin
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
