Dear friends,
This is my first post.
Thanks for accepting me on this list.
We have been trying to develop a Java tool solution for Mac Os X to access all
tokens and Smartcards used in certification in Brazil. The most common are:
Aladdin eToken
G & D SmartCafé
G & D Starcos 2.3 and 2.4
Feitian ePass 2000
Our goal is to write a solution that can be used by the ordinary person with a
smartcard or token "as is" supplied by the certification authority. This means
the end user can not apply opensc solutions by himself.
We have been running tests on our code, we are using a Fetian PKI card, we have
intialized it using the command "$ pkcs15-init -E" and created the profile
using the command "$pkcs15-init --create-pkcs15 --profile
pkcs15+onepin+feitianpki --use-default-transport-key --pin 0000 --puk 111111
--label "Label name here".
To copy the certificate to the Feitian PKI card we used this command:
$ pkcs15-init --store-private-key USINA.pfx --format pkcs12 --auth-id 01 --pin
xxxxxx
Using reader with a card: OmniKey CardMan 3121 00 00
error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
Please enter passphrase to unlock secret key:
Importing 4 certificates:
0: /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora
SERPROACF/OU=PRONOVA/OU=Pessoa Juridica A1/L=QUEIMADOS/ST=RJ/CN=USINA
BRASILEIRA DE CRISTOBALITA LTDA:73264202000114
1: /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao -
ITI/CN=Autoridade Certificadora Raiz Brasileira v1
2: /C=BR/O=ICP-Brasil/CN=Autoridade Certificadora SERPRO v2
3: /C=BR/O=ICP-Brasil/OU=Servico Federal de Processamento de Dados -
SERPRO/OU=CSPB-1/CN=Autoridade Certificadora do SERPRO Final v2
We can sign XML files and "talk" to a XML Soap service, with required
authentication, using this Feitian PKI smartcard, but when we try to use an
Alladin or any other token we get a message such as this:
$ ./run.sh
Removing SunPKCS11-Darwin
java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:90)
at radek.security.PKCS11Util.createPKCS11Provider(Unknown Source)
at radek.signingd.SignD.main(SignD.java:105)
Caused by: java.io.IOException:
dlopen(/Library/Frameworks/eToken.framework/Versions/4.55.41/libeToken.dylib,
1): no suitable image found. Did find:
/Library/Frameworks/eToken.framework/Versions/4.55.41/libeToken.dylib:
no matching architecture in universal
wrapper/Library/Frameworks/eToken.framework/Versions/4.55.41/libeToken.dylib
at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:141)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:154)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:281)
... 3 more
Initialization failed
======== end of log
What are we doing wrong?
We are wondering if our task is possible at all. If Java Libraries can be used
to access ordinary token and smartcard contents.
I thank you very much for reading this long text,
Bernardo Höhl
Rio de Janeiro - Brazil_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
