I played around with OpenSC 0.12.2-svn and Crypto Stick 1.2 (OpenPGP v.
2) and some problems have been found.

Environment:
GNU Linux 32-bits / Mandriva
OpenSC 0.12.2-svn rev: 5569 (built with OpenSSL)
CCID: 1.4.4
Firefox: 5.0.1
OpenSSL 1.0.0a 1 Jun 2010
pcsc-lite 1.7.0


1.) Neither a PEM nor a P12 certificate can be loaded into the Crypto Stick.
It says an OpenSSL error occurred. However, both certs can be
validated by OpenSSL.

Log: http://szn.republika.pl/loading.txt


2.) Trying to list objects on empty card (-O switch) causes segfault.
log: http://szn.republika.pl/crash-o.txt

3.) Signing causes pkcs11-tool to hang. After the last command the program was
terminated with Ctrl+C because it didn't answer.
Command line: OPENSC_DEBUG=9 pkcs11-tool --module
~/cards/opensc/src/pkcs11/.libs/opensc-pkcs11.so -m RSA-PKCS -p 123456
-s signMe.txt  >> signing.txt 2>&1

log: http://szn.republika.pl/signing.txt

(With RSA-X-509 the effect is the same)

4.) Key pair can't be generated. Reason: CKR_FUNCTION_NOT_SUPPORTED
(0x54). Is this feature supported now at all?

5.) After loading the PKCS#11 driver into Firefox, the Crypto Stick isn't seen
as certificate storage. Of course the driver loads great and everything
is good, but a certificate can't be loaded into it. I made a simple test to
find out why. I caught all the PKCS#11 calls between Firefox and:

a.) Generic, software NSS driver and
b.) OpenSC driver

while creating an X.509 certificate.

Logs here: http://szn.republika.pl/nss.tar.gz

6.) Signing mechanisms supported are:

  RSA-X-509, keySize={2048,2048}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={2048,2048}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={2048,2048}, sign, verify
  SHA256-RSA-PKCS, keySize={2048,2048}, sign, verify
  MD5-RSA-PKCS, keySize={2048,2048}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={2048,2048}, sign, verify

Why do they all have only one key length available?

-- 
Regards
AR