Hi all. I'm using a MyEID card (got a pack of 5 to test) on a GemPlus USB-SW reader. OpenSC is 0.12, from Mandriva Cooker (2011alpha) packages. If I init the card and load a single certificate (actually the one I use to authenticate on StartSSL.com) it's OK. I can even generate a 2048 bit key pair for SSH, and it works OK (but I have to specify "-u decrypt,sign" to meke it work).
Problems start when I tryto load another cert (I have 3 more, for different mail addresses; all certs are from StartSSL): it says Failed to store private key: File too small I thought there was not enough space in some file and tried to modify files sizes in profile (failing everytime... maybe 'cause I don't know the meaning of those parameters). Then I tried generating some more keys: no problem w/ 4x2048bit+2x1024bit... So I think there's enough space... Then I tried converting certs to PEM format and load'em w/ pkcs15-init -a 2 -S $CERTNAME.pem --cert-label $CERTNAME pkcs15-init -X $CERTNAME.pem -l $CERTNAME (tried in reverse order too, and w/ --cert-label when using -X) and all certs gets loaded. But seems private keys aren't "associated" to the cert. And Firefox and Thunderbird can't see 'em... Another strangeness is that when adding keypairs or certificates I'm asked to enter CHV1, not SOPIN or the PIN I'm asking to use. For example pkcs15-init -G rsa/2048 -a 2 -u decrypt,sign -l SSH asks for CHV1, *not* CHV2 os SOPIN! Another doubt: what are "slots"? Seems for "pkcs11-tool -L" they're the PINs, but for text in opensc.conf it seems they're related to the max number of storable keys... Tks! _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
