Great! Good luck!
On Tue, Apr 7, 2009 at 2:35 PM, Stéphanie De Maerteleire <[email protected]> wrote:
> Hello,
>
> I haven't tried pkcs11-dump yet, but from a few certificates I looked at, it
> looks like their issuer just isn't included on the token, so then it's normal
> pkcs11-helper doesn't show them. I'm pretty new to cryptography and PKCS11,
> that's why I didn't realize what was the problem at first.
>
> Thanks a lot for your help!
>
> Kind regards,
> Stephanie
>
>
> -----Original Message-----
> From: Alon Bar-Lev [mailto:[email protected]]
> Sent: Monday 6 April 2009 19:25
> To: Stéphanie De Maerteleire; opensc-devel
> Subject: Re: Question about pkcs11-helper
>
> Hello,
>
> I did not say that all the certificates are stored on the card. I only said
> that you will see those who are.
>
> You should use pkcs11-dump or any similar utility in order to see what
> objects are stored on your token.
>
> If there are certificate objects that are not visible, please send me the
> output of pkcs11-dump.
>
> Alon.
>
> On Mon, Apr 6, 2009 at 12:00 PM, Stéphanie De Maerteleire <[email protected]>
> wrote:
>> Hello,
>>
>> Ok, so the issuers are the root certificates, I get that. But you're saying
>> that ALL other certificates are stored in certs, but I've noticed that there
>> are several certificates that have an issuer that is neither in the issuers
>> list nor in the certs list. I need to get all issuers from a certificate in
>> some way to generate the certificate chain, and right now this is not
>> possible for certificates of which I can't find one of the issuers!
>> Could you tell me how it is possible to do this? Or does this just mean that
>> the issuers I can't find are simply not stored on the token, and if so, how
>> can I get them anyway?
>>
>> I don't want to store anything on the token, I just want to read from it.
>>
>> Many thanks in advance,
>>
>> Kind regards,
>> Stephanie
>>
>>
>> -----Original Message-----
>> From: Alon Bar-Lev [mailto:[email protected]]
>> Sent: Friday 3 April 2009 18:00
>> To: Stéphanie De Maerteleire; opensc-devel
>> Subject: Re: Question about pkcs11-helper
>>
>> Hello,
>>
>> The issuers you get are the root certificates.
>> All other certificates are stored in the certs.
>>
>> Two facts you should consider:
>> 1. It is not safe to store root certificates on PKCS#11 token, as anyone,
>> even without authentication can add certificates into the token.
>> 2. Storing the complete chain on a PKCS#11 token wastes storage, so in most
>> cases you will find only the root certificate and the end certificate.
>>
>> Alon.
>>
>> On Fri, Apr 3, 2009 at 1:01 PM, Stéphanie De Maerteleire <[email protected]>
>> wrote:
>>> Hello,
>>>
>>> Am I correct that you are the developer of pkcs11-helper ? If so, you
>>> might be able to help me with this issue. I'm Goblin_Queen on the
>>> OpenSC forum, I posted a question before about using the Firefox
>>> PKCS11 provider with pkcs11-helper.
>>>
>>> I'm having the following problem:
>>>
>>> When I call the method enumTokenCertificateIds like this:
>>>
>>> if ((rv = pkcs11h_certificate_enumTokenCertificateIds (
>>>         gekozenToken,
>>>         PKCS11H_ENUM_METHOD_RELOAD,
>>>         NULL,
>>>         PKCS11H_PROMPT_MASK_ALLOW_ALL,
>>>         &issuers,
>>>         &certs
>>> )) != CKR_OK) {
>>>         fatal ("pkcs11h_certificate_enumCertificateIds failed", rv);
>>> }
>>>
>>> The variable 'issuers' is filled with a list of issuers on that token.
>>> But the problem is that I've discovered not all issuers are included
>>> in this list, how is this possible? I need a complete list of all
>>> issuers so I can generate a certificate chain. My certificate chain
>>> method works fine for certificates of which the issuer(s) is/are
>>> included in the list, but when the issuer is not included in the list, it
>>> obviously crashes.
>>>
>>> Thanks in advance!
>>>
>>> Kind regards,
>>>
>>> Stephanie
>>
>
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
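
Added example, not part of the original thread and not pkcs11-helper code: a chain walk over certificates read from a token that reports a missing issuer instead of crashing, and accepts a chain only when it ends at a root kept outside the token. The certificate records, names and the off-token trust store are constructed assumptions, and matching is by name only; real code must also verify each signature.

```c
#include <stdio.h>
#include <string.h>

/* Simplified record (assumption): names only. Real code must also verify
 * each certificate's signature with its issuer's public key. */
typedef struct { const char *subject, *issuer; } cert_t;
enum chain_status { CHAIN_TRUSTED, CHAIN_ISSUER_MISSING, CHAIN_UNTRUSTED_ROOT, CHAIN_TOO_LONG };

/* Constructed sample: certificate objects read from the token. */
static const cert_t token_certs[] = {
    { "CN=Alice",        "CN=Issuing CA"   },
    { "CN=Issuing CA",   "CN=Corp Root"    },
    { "CN=Bob",          "CN=Other CA"     },  /* issuer not on the token */
    { "CN=Mallory",      "CN=Planted Root" },
    { "CN=Planted Root", "CN=Planted Root" },  /* self-signed, token only */
};
/* Trust anchors kept off the token (hypothetical local store). */
static const cert_t trusted_roots[] = { { "CN=Corp Root", "CN=Corp Root" } };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static const cert_t *find_subject(const cert_t *set, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(set[i].subject, name) == 0) return &set[i];
    return NULL;
}
/* Walk from the named token certificate towards a root. Token objects only
 * supply path candidates; success requires reaching a trusted_roots entry.
 * *hops receives the number of intermediates taken from the token. */
enum chain_status build_chain(const char *subject, size_t *hops) {
    const cert_t *cur = find_subject(token_certs, COUNT(token_certs), subject);
    *hops = 0;
    while (cur != NULL && *hops < 8) {           /* bound guards against loops */
        if (find_subject(trusted_roots, COUNT(trusted_roots), cur->issuer))
            return CHAIN_TRUSTED;
        if (strcmp(cur->subject, cur->issuer) == 0)
            return CHAIN_UNTRUSTED_ROOT;         /* root exists only on the token */
        cur = find_subject(token_certs, COUNT(token_certs), cur->issuer);
        if (cur != NULL) (*hops)++;
    }
    return cur == NULL ? CHAIN_ISSUER_MISSING : CHAIN_TOO_LONG;
}

int main(void) {
    const char *names[] = { "CN=Alice", "CN=Bob", "CN=Mallory" };
    size_t hops;
    for (size_t i = 0; i < COUNT(names); i++)
        printf("%s -> status %d\n", names[i], (int)build_chain(names[i], &hops));
    return 0;
}
```

A `CHAIN_ISSUER_MISSING` result is the point at which the caller fetches the intermediate from another source rather than dereferencing a lookup that returned nothing.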
