Fernando Sanchez Chaparro wrote: > Thank you for your answer Viktor. > > 2010/2/2 Viktor TARASOV <viktor.tara...@opentrust.com > <mailto:viktor.tara...@opentrust.com>> > > Fernando Sanchez Chaparro wrote: > > Finally, I found how to solve my problem thank to your answers. I > > really appreciate the help I have received from this list. > > > > The problem was that I had initialized the smart card with only > the SO > > Pin, and therefore the opensc-pkcs11.dll didn't find any slot. Using > > the onepin profile (pkcs15-init -ECT -p pkcs15+onepin) now I can > > interact with the smart card. I'm able to: > > -- login/logout > > -- list objects (public and private) > > -- generate pair keys > > -- change Pins > > -- change the objects labels and ids > > -- etc. > > > > However, now I have a different problem with my development, I'm not > > able to delete an object. I have linked the pkcs11-spy.dll in > order to > > get more information when I invoke the C_DestroyObject function. The > > output the spy shows is: > > > > / 37: C_DestroyObject > > [in] hSession = 0x1 > > [in] hObject = 0x4 > > Returned: 84 CKR_FUNCTION_NOT_SUPPORTED/ > > > > > > Does someone have any clue that what it is happening? > > What kind of object do you trying to delete? > Actually C_DestroyObject is supported only for the 'DATA' object. > > > Aaahm... I'm trying to delete keys and certs objects. Could I use > other function to delete this kinf od objects? > I have tried to use pkcs15-init tool to test its possibilities for > deleting objects (i.e. pkcs15-init -D cert --id XX) but I get "Not > supported" message. I don't know if I can invoke some function > (pkcs11, pkcs15) to accomplish a key/cert deletion. > > Could someone help me??
Delete objects with pkcs15-init tool -- 'works for me'. Tested in trunk with Oberthur, SetCOS and CardOS . I don't know and don't have the starcos card. You can send us full logs of your 'pkcs15-init -D' session. In cryptoshop.com there is 'developer version of the StarCOS SPK 2.3'. Is it similar to the card that your are using? Can this card be initialized and used with OpenSC ? > > Thanks in advance. > Regards. Kind wishes, Viktor. > > > - > > Thank everybody very much. > > Kind regards. > Kind wishes, > Viktor. > > > > > > > 2010/2/1 Andreas Jellinghaus <a...@dungeon.inka.de > <mailto:a...@dungeon.inka.de> > > <mailto:a...@dungeon.inka.de <mailto:a...@dungeon.inka.de>>> > > > > are you trying to get new blank card initialized with opensc > to work, > > or are you trying to get cards with that vendors software to > work > > with opensc? > > > > > > if that vendor did not implement PKCS#15 on the cards, the > resulting > > card might not be compatible with opensc. > > > > opensc is supposed to be compatible with some vendors > software such > > as A.E.S., but while users report success, their strange license > > actualy forbids using cards initialized with their software with > > opensc. > > not sure if such a clause is valid, I guess not at all. > > > > to initialize a blank card with opensc see the wiki > (QuickStart). > > > > for a basic check of opensc first: does opensc find your reader? > > opensc-tool -r should tell you. does opensc find the card? > > opensc-tool -a should show the atr. > > > > > > is your card supported by opensc? I guess so, the atr you > mentioned > > is old and well known. > > > > so if pkcs11-tool only shows empty slots (I guess without > --module > > option / thus with opensc-pkcs11.dll), then your card is > most likely > > empty or initialized in an incompatible (i.e. not PKCS#15) way. > > > > if you want to use a blank card with opensc, then initialize > it first > > (at least the first pkcs15-init --create call,maybe best with > > onepin profile), and then you should be able to use the card > with > > pkcs11-tool. > > > > if you want to try pkcs11-tool, but with your vendors pkcs#11 > > module, use the "--module" option. > > > > > > if you want to use pkcs11-spy.dll with your application > > (with either module), you need to set some environment > > variables of course. see the wiki or google for details. > > > > > > > I've configured the debug=9 in other to get more information. > > You can find > > > the log attached to this mail "pkcs11_test_login.txt". > > > > looks fine to me. but the card has only a security officer, > but no > > normal > > user pin. that won't work fine with opensc-pkcs11.so. > > > > try to init it with "onepin" option, or use "pkcs15-init" to > > create a pin, > > rsa key, store a certifcate etc. and then try again. > > > > > > > > > My problems begin when I try to invoke the function > > C_GetSlotList of > > > > > the opensc-pcks11.dll library. I'm not able to find a > slot with > > > > > information. All the slot available seem to be empty. The > > code I'm > > > > > trying to execute can be find below: > > > > > > > > pkcs11-tool should show some slots. if it does, the > problem is > > most > > > > likely in your application. if it does not, something is > wrong > > with > > > > opensc or its configuration. > > > > > > pkcs11-tool -L show me the slots but they are always empty. > > > > the only card found in the log file is empty (except for a > > security officer > > pin), so I guess that is the problem. > > > > if you want to create a "security officer"-pin and a normal pin, > > and then > > create keys/certificates/... via pkcs#11 api, that usualy > doesn't > > work well > > (pkcs#11 is not designed for several PINs needed for some > action). > > so I > > suggest to use the "onepin" profile with your card, thus you > have only > > one PIN (plus an optional unblocking PIN (PUK) if you want), and > > pkcs#11 > > works much easier with that. > > > > > I've used my > > > application with the manufacturer libraries and it works > > appropriately. So > > > I think my problem could be related to my opensc > configuration. > > I didn't > > > modify the opensc.conf file because i'm using a usual card > > supported by > > > opensc, Do I have to modify it? > > > > I don't think so, at least it looks to me like there is no > problem. > > > > > Opensc-tool -a show the next information about my > > > ATR: 3b:b7:94:00:81:31:fe:65:53:50:4b:32:33:90:00:d1 > > > > > > I think it is the common ATR for starcos 2.3, besides I've > found > > this ATR > > > code in the sources of opensc project into > > /libopensc/card-starcos.c. > > > > yes, looks like a well known and supported card. > > > > I hope you have a "test" version of the card, otherwise you > can't > > erase it. > > (starcos "feature" - nothing we can do about...) > > > > > When I link the pkcs11-spy into my example program i get the > > next message: > > > General error. > > > I'm afraid it is not very helpful. > > > > did you set the environment variables? see the wiki page or > google for > > details. > > > > Hope this helps. good luck! > > > > Regards, Andreas > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > opensc-devel mailing list > > opensc-devel@lists.opensc-project.org > <mailto:opensc-devel@lists.opensc-project.org> > > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > > -- > Viktor Tarasov <viktor.tara...@opentrust.com > <mailto:viktor.tara...@opentrust.com>> > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > <mailto:opensc-devel@lists.opensc-project.org> > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > > ------------------------------------------------------------------------ > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
