Hi Viktor,
After more testing, it appears that the issue cannot be reproduced with all my
certificates but only some of them.
I put attached details about the cert I use most of the time.
Thanks
William
-----Message d'origine-----
De : Viktor Tarasov [mailto:viktor.tara...@gmail.com]
Envoyé : vendredi 3 juin 2011 16:53
À : Viktor Tarasov
Cc : HOURY William; opensc-devel@lists.opensc-project.org
Objet : Re: [opensc-devel] First Smartcard logon issue on XP SP3 with OpenSC
12.1
Le 03/06/2011 09:21, Viktor Tarasov a écrit :
> Le 03/06/2011 09:06, HOURY William a écrit :
>> Hi Viktor,
>>
>> I have other middlewares installed but I have disabled all the proprietary
>> certificate propagation tools and only activated the windows one (the
>> sccertprop registry value is well set).
>
> Ok, once more it hasn't worked. Thank you.
> Will try to reproduce.
For a while I cannot reproduce.
The test was done with the card:
Athena ASEPCOS
atr: 3b:d6:18:00:81:b1:80:7d:1f:03:80:51:00:61:10:30:8f.
Card initialized with the following commands:
# pkcs15-init -E
# pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678"
--so-puk "123456" --pin "9999" --puk "8888"
Pkcs#12 with the 'SmartcardLogon' + 'Client Authentication' certificate is
imported by :
# pkcs15-init -a 53434D --label "basic user smartcard logon" -S basic_user.p12
-f pkcs12 --passphrase coucou --so-pin "12345678" --pin "9999" --key-usage
digitalSignature,dataEncipherment --cert-label "basic user smartcard logon"
(Don't know why with the key usage derived from the certificate extensions it's
not worked.)
The first login to AD on the XP platform is OK .
Also works the sequence 'clean-up personal key store' > log-off > log-in.
Kind regards,
Viktor.
________________________________
Ce message et les pièces jointes sont confidentiels et réservés à l'usage
exclusif de ses destinataires. Il peut également être protégé par le secret
professionnel. Si vous recevez ce message par erreur, merci d'en avertir
immédiatement l'expéditeur et de le détruire. L'intégrité du message ne pouvant
être assurée sur Internet, la responsabilité du groupe Atos Origin ne pourra
être recherchée quant au contenu de ce message. Bien que les meilleurs efforts
soient faits pour maintenir cette transmission exempte de tout virus,
l'expéditeur ne donne aucune garantie à cet égard et sa responsabilité ne
saurait être recherchée pour tout dommage résultant d'un virus transmis.
This e-mail and the documents attached are confidential and intended solely for
the addressee; it may also be privileged. If you receive this e-mail in error,
please notify the sender immediately and destroy it. As its integrity cannot be
secured on the Internet, the Atos Origin group liability cannot be triggered
for the message content. Although the sender endeavours to maintain a computer
virus-free network, the sender does not warrant that this transmission is
virus-free and will not be liable for any damages resulting from any virus
transmitted.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:7e:23:21:00:00:00:00:02:68
Signature Algorithm: sha1WithRSAEncryption
Issuer:
commonName = AOFR37621
domainComponent = pmtdom
domainComponent = local
Validity
Not Before: Jun 1 08:08:19 2011 GMT
Not After : May 31 08:08:19 2012 GMT
Subject:
emailAddress =
commonName = Benoit BL. Lotito
organizationalUnitName =
organizationName =
localityName = MDS
stateOrProvinceName =
countryName =
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c2:d6:f7:99:2d:60:e2:02:1b:91:e4:c2:79:99:
a4:9c:93:0d:ec:4f:92:db:35:57:a6:9b:91:4a:31:
5b:4b:5e:b6:41:65:df:2f:6b:b9:2f:dc:33:ee:8d:
34:8d:32:63:f3:86:85:f9:86:6d:83:15:c6:dd:8f:
93:06:d3:6e:d0:76:d9:9b:51:1c:cc:9c:22:8a:af:
1b:68:68:0a:ad:8f:3f:5f:2d:81:51:ec:9b:7f:ec:
f8:10:f1:87:62:0f:8f:62:c1:ed:f4:8a:f9:5c:a8:
ea:c2:29:07:4f:d5:6a:d6:f7:9e:53:81:9b:af:9d:
8b:a6:4a:8f:dd:a1:bd:3e:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
1.3.6.1.4.1.311.21.7:
0-.%+.....7.............................j..d...
X509v3 Subject Alternative Name:
othername:<unsupported>
X509v3 Subject Key Identifier:
57:DE:4F:71:10:4C:94:D1:89:C4:AB:F7:6F:D4:AB:44:CD:A2:48:9C
X509v3 Authority Key Identifier:
keyid:24:89:B3:02:80:2D:B2:72:7C:E4:2B:47:6A:79:51:68:E7:EC:D5:0C
X509v3 CRL Distribution Points:
URI:ldap:///CN=AOFR37621,CN=aofr37621,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=pmtdom,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
URI:http://aofr37621.pmtdom.local/CertEnroll/AOFR37621.crl
Authority Information Access:
CA Issuers -
URI:ldap:///CN=AOFR37621,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=pmtdom,DC=local?cACertificate?base?objectClass=certificationAuthority
CA Issuers -
URI:http://aofr37621.pmtdom.local/CertEnroll/aofr37621.pmtdom.local_AOFR37621.crt
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Extended Key Usage:
Microsoft Smartcardlogin, TLS Web Client Authentication
1.3.6.1.4.1.311.21.10:
0.0..
+.....7...0
..+.......
Signature Algorithm: sha1WithRSAEncryption
65:15:ca:0f:49:e0:ec:af:d6:9b:1d:9e:93:70:6d:f4:79:65:
b6:55:85:29:6a:b1:32:96:20:ca:86:2a:3d:d4:27:3e:b3:05:
0b:d5:56:e8:b7:92:c4:20:08:7a:80:a1:3c:7c:7d:47:2c:3f:
de:6e:25:28:d1:59:be:ea:f1:87:7f:f6:f5:1a:f9:ee:3e:3a:
b7:5f:6d:da:d0:23:59:e9:c2:87:03:ab:72:2d:d9:bc:0a:6f:
ac:8c:69:e0:e0:3f:cb:79:80:97:03:13:2b:48:9a:27:55:b9:
9d:83:4a:dc:87:28:c9:b4:cd:0f:86:18:ad:77:c2:09:18:00:
1c:1d:fd:52:3c:29:cc:c8:be:63:4f:b7:3a:fe:2a:0f:cd:2f:
89:7e:94:4c:37:9e:7c:8a:ca:3c:a5:8b:22:c4:af:de:93:1b:
e6:db:7d:50:9c:16:2f:27:2d:1d:7b:d6:85:97:af:f1:38:f6:
dc:09:f7:1c:8c:a5:23:02:6d:51:bb:f0:df:3f:d7:1a:61:ed:
3e:3e:51:b1:53:4b:71:24:6d:f5:fb:2a:72:67:93:0c:0e:ac:
df:08:34:9c:65:5d:bc:3f:19:3e:ad:9b:22:22:74:76:f4:d4:
fa:48:c0:7b:83:8d:cb:49:14:81:c4:e6:9b:50:e2:55:4c:80:
7b:98:a1:11
-----BEGIN CERTIFICATE-----
MIIF5zCCBM+gAwIBAgIKcX4jIQAAAAACaDANBgkqhkiG9w0BAQUFADBDMRUwEwYK
CZImiZPyLGQBGRYFbG9jYWwxFjAUBgoJkiaJk/IsZAEZFgZwbXRkb20xEjAQBgNV
BAMTCUFPRlIzNzYyMTAeFw0xMTA2MDEwODA4MTlaFw0xMjA1MzEwODA4MTlaMGwx
CjAIBgNVBAYTASAxCjAIBgNVBAgTASAxDDAKBgNVBAcTA01EUzEKMAgGA1UEChMB
IDEKMAgGA1UECxMBIDEaMBgGA1UEAxMRQmVub2l0IEJMLiBMb3RpdG8xEDAOBgkq
hkiG9w0BCQEWASAwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAwtb3mS1g4gIb
keTCeZmknJMN7E+S2zVXppuRSjFbS162QWXfL2u5L9wz7o00jTJj84aF+YZtgxXG
3Y+TBtNu0HbZm1EczJwiiq8baGgKrY8/Xy2BUeybf+z4EPGHYg+PYsHt9Ir5XKjq
wikHT9Vq1veeU4Gbr52LpkqP3aG9Pp8CAwEAAaOCAzcwggMzMDwGCSsGAQQBgjcV
BwQvMC0GJSsGAQQBgjcVCMyIEIW4wh2E3Z0BhdHQB4SpswkGg6jcDIaegWoCAWQC
AQkwKQYDVR0RBCIwIKAeBgorBgEEAYI3FAIDoBAMDmJsb3RpdG9AcG10ZG9tMB0G
A1UdDgQWBBRX3k9xEEyU0YnEq/dv1KtEzaJInDAfBgNVHSMEGDAWgBQkibMCgC2y
cnzkK0dqeVFo5+zVDDCCAQIGA1UdHwSB+jCB9zCB9KCB8aCB7oaBs2xkYXA6Ly8v
Q049QU9GUjM3NjIxLENOPWFvZnIzNzYyMSxDTj1DRFAsQ049UHVibGljJTIwS2V5
JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1wbXRk
b20sREM9bG9jYWw/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVj
dENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50hjZodHRwOi8vYW9mcjM3NjIxLnBt
dGRvbS5sb2NhbC9DZXJ0RW5yb2xsL0FPRlIzNzYyMS5jcmwwggEZBggrBgEFBQcB
AQSCAQswggEHMIGpBggrBgEFBQcwAoaBnGxkYXA6Ly8vQ049QU9GUjM3NjIxLENO
PUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D
b25maWd1cmF0aW9uLERDPXBtdGRvbSxEQz1sb2NhbD9jQUNlcnRpZmljYXRlP2Jh
c2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTBZBggrBgEFBQcw
AoZNaHR0cDovL2FvZnIzNzYyMS5wbXRkb20ubG9jYWwvQ2VydEVucm9sbC9hb2Zy
Mzc2MjEucG10ZG9tLmxvY2FsX0FPRlIzNzYyMS5jcnQwDAYDVR0TAQH/BAIwADAL
BgNVHQ8EBAMCB4AwHwYDVR0lBBgwFgYKKwYBBAGCNxQCAgYIKwYBBQUHAwIwKQYJ
KwYBBAGCNxUKBBwwGjAMBgorBgEEAYI3FAICMAoGCCsGAQUFBwMCMA0GCSqGSIb3
DQEBBQUAA4IBAQBlFcoPSeDsr9abHZ6TcG30eWW2VYUparEyliDKhio91Cc+swUL
1Vbot5LEIAh6gKE8fH1HLD/ebiUo0Vm+6vGHf/b1GvnuPjq3X23a0CNZ6cKHA6ty
Ldm8Cm+sjGng4D/LeYCXAxMrSJonVbmdg0rchyjJtM0Phhitd8IJGAAcHf1SPCnM
yL5jT7c6/ioPzS+JfpRMN558iso8pYsixK/ekxvm231QnBYvJy0de9aFl6/xOPbc
CfccjKUjAm1Ru/DfP9caYe0+PlGxU0txJG31+ypyZ5MMDqzfCDScZV28Pxk+rZsi
InR29NT6SMB7g43LSRSBxOabUOJVTIB7mKER
-----END CERTIFICATE-----
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
