Hello Viktor, I have retrieved your last code from the git repository.
According to the log file, the application / card pin slot is now done correctly:

[...]
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:678:pkcs15_create_pkcs11_objects: Found 3 data objects
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 0
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:692:__pkcs15_prkey_bind_related: Object is a private key and has id 5369676E6174757265204365727469666963617465
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:717:__pkcs15_prkey_bind_related: Associating object 3 as public key
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 1
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:692:__pkcs15_prkey_bind_related: Object is a private key and has id 41757468656E74696669636174696F6E204365727469666963617465
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:717:__pkcs15_prkey_bind_related: Associating object 4 as public key
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 2
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:692:__pkcs15_prkey_bind_related: Object is a private key and has id 01
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:717:__pkcs15_prkey_bind_related: Associating object 5 as public key
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 3
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 4
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 5
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 6
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:734:__pkcs15_cert_bind_related: Object is a certificate and has id 5369676E6174757265204365727469666963617465
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:763:__pkcs15_cert_bind_related: Associating object 0 as private key
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 7
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:734:__pkcs15_cert_bind_related: Object is a certificate and has id 41757468656E74696669636174696F6E204365727469666963617465
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:763:__pkcs15_cert_bind_related: Associating object 1 as private key
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 8
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 9
0xb78a28d0 10:29:40.089 [opensc-pkcs11] framework-pkcs15.c:784:pkcs15_bind_related_objects: Looking for objects related to object 10
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1025:_pkcs15_create_typed_objects: found 11 FW objects
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1260:pkcs15_create_tokens: Found 11 FW objects objects
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1270:pkcs15_create_tokens: Found authentication object 'Card PIN'
0xb78a28d0 10:29:40.090 [opensc-pkcs11] slot.c:351:slot_allocate: Allocated slot 0x3 for card in reader Teo by Xiring 00 00
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:951:pkcs15_init_slot: Initialized token 'ECC eID (Card PIN)' in slot 0x3
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1137:_add_pin_related_objects: PinID:c1
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1149:_add_pin_related_objects: ObjID(0x8e8e048,Certificat Signature IGC-CA,101):c1
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1156:_add_pin_related_objects: Slot:0x8eac4a0, obj:0x8e8e048 Adding private key 0 to PIN 'Card PIN'
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8e8e048
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8eb2c40
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8eb8cb8
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1149:_add_pin_related_objects: ObjID(0x8ea7bb0,Certificat Authentification IGC-CA,101):c1
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1156:_add_pin_related_objects: Slot:0x8eac4a0, obj:0x8ea7bb0 Adding private key 1 to PIN 'Card PIN'
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8ea7bb0
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8eb2d50
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8eba128
0xb78a28d0 10:29:40.091 [opensc-pkcs11] framework-pkcs15.c:1149:_add_pin_related_objects: ObjID(0x8ea0cc0,zone_key,101):c1
0xb78a28d0 10:29:40.091 [opensc-pkcs11] framework-pkcs15.c:1156:_add_pin_related_objects: Slot:0x8eac4a0, obj:0x8ea0cc0 Adding private key 2 to PIN 'Card PIN'
0xb78a28d0 10:29:40.091 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8ea0cc0
0xb78a28d0 10:29:40.091 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8eb2e60
0xb78a28d0 10:29:40.091 [opensc-pkcs11] framework-pkcs15.c:1190:_add_public_objects: 11 public objects to process
[...]

In my case, I am also forcing the signature process to be done with the authentication command (the key we use is not allowed to sign for the moment). (I have temporarily changed "senv.operation = SC_SEC_OPERATION_SIGN;" into "senv.operation = SC_SEC_OPERATION_SIGN;" in pkcs15-sec.c). The generated signature using pkcs15-crypt is ok, but when I try to sign from openssl, the key selection failed due to a non-matching attribute, as shown by the following log extract:

[...]
0xb78a28d0 10:29:44.880 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Outgoing APDU data [ 9 bytes] =====================================
00 20 00 01 04 30 30 30 37 . ...0007
======================================================================
0xb78a28d0 10:29:44.880 [opensc-pkcs11] reader-pcsc.c:176:pcsc_internal_transmit: called
0xb78a28d0 10:29:44.968 [opensc-pkcs11] apdu.c:184:sc_apdu_log: Incoming APDU data [ 2 bytes] =====================================
90 00 ..
======================================================================
0xb78a28d0 10:29:44.968 [opensc-pkcs11] card.c:330:sc_unlock: called
0xb78a28d0 10:29:44.968 [opensc-pkcs11] card-iasecc.c:1630:iasecc_chv_verify: returning with: 0 (Success)
0xb78a28d0 10:29:44.968 [opensc-pkcs11] card-iasecc.c:123:iasecc_chv_cache_verified: called
0xb78a28d0 10:29:44.968 [opensc-pkcs11] card-iasecc.c:137:iasecc_chv_cache_verified: iasecc_chv_cache_verified() allocated 0x8ebb328
0xb78a28d0 10:29:44.968 [opensc-pkcs11] card-iasecc.c:146:iasecc_chv_cache_verified: iasecc_chv_cache_verified() sha1(PIN): 83DE061FB52099B8B9B03B3AE4E888D6B10D9E5E
0xb78a28d0 10:29:44.968 [opensc-pkcs11] card-iasecc.c:159:iasecc_chv_cache_verified: returning with: 0 (Success)
0xb78a28d0 10:29:44.968 [opensc-pkcs11] card-iasecc.c:1758:iasecc_pin_verify: returning with: 0 (Success)
0xb78a28d0 10:29:44.969 [opensc-pkcs11] card-iasecc.c:2119:iasecc_pin_cmd: returning with: 0 (Success)
0xb78a28d0 10:29:44.969 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with: 0 (Success)
0xb78a28d0 10:29:44.969 [opensc-pkcs11] pkcs15-pin.c:509:sc_pkcs15_pincache_add: called
0xb78a28d0 10:29:44.969 [opensc-pkcs11] pkcs15-pin.c:543:sc_pkcs15_pincache_add: PIN(Card PIN) cached
0xb78a28d0 10:29:44.969 [opensc-pkcs11] card.c:330:sc_unlock: called
0xb78a28d0 10:29:44.969 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: called
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs15-pin.c:296:sc_pkcs15_verify_pin: returning with: 0 (Success)
0xb78a28d0 10:29:44.973 [opensc-pkcs11] framework-pkcs15.c:1478:pkcs15_login: PKCS15 verify PIN returned 0
0xb78a28d0 10:29:44.973 [opensc-pkcs11] framework-pkcs15.c:1487:pkcs15_login: Check if pkcs15 object list can be completed.
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:325:C_FindObjectsInit: C_FindObjectsInit(slot = 1)
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:326:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_PRIVATE_KEY
0xb78a28d0 10:29:44.973 [opensc-pkcs11] misc.c:136:session_start_operation: called
0xb78a28d0 10:29:44.973 [opensc-pkcs11] misc.c:137:session_start_operation: Session 0x8ebb260, type 0
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:347:C_FindObjectsInit: Object with handle 0x8eab560
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:368:C_FindObjectsInit: Object 1/149599584: Attribute 0x0 does NOT match.
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:347:C_FindObjectsInit: Object with handle 0x8eab5c0
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:368:C_FindObjectsInit: Object 1/149599680: Attribute 0x0 does NOT match.
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:398:C_FindObjectsInit: 0 matching objects
0xb78a28d0 10:29:44.973 [opensc-pkcs11] misc.c:158:session_get_operation: called
0xb78a28d0 10:29:44.973 [opensc-pkcs11] misc.c:158:session_get_operation: called
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:53:sc_find_release: freeing 0 handles used 0 at (nil)
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:325:C_FindObjectsInit: C_FindObjectsInit(slot = 1)
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:326:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_PUBLIC_KEY
0xb78a28d0 10:29:44.973 [opensc-pkcs11] misc.c:136:session_start_operation: called
0xb78a28d0 10:29:44.973 [opensc-pkcs11] misc.c:137:session_start_operation: Session 0x8ebb260, type 0
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:347:C_FindObjectsInit: Object with handle 0x8eab560
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:368:C_FindObjectsInit: Object 1/149599584: Attribute 0x0 does NOT match.
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:347:C_FindObjectsInit: Object with handle 0x8eab5c0
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:368:C_FindObjectsInit: Object 1/149599680: Attribute 0x0 does NOT match.
0xb78a28d0 10:29:44.974 [opensc-pkcs11] pkcs11-object.c:398:C_FindObjectsInit: 0 matching objects
0xb78a28d0 10:29:44.974 [opensc-pkcs11] misc.c:158:session_get_operation: called
0xb78a28d0 10:29:44.974 [opensc-pkcs11] misc.c:158:session_get_operation: called
0xb78a28d0 10:29:44.974 [opensc-pkcs11] pkcs11-object.c:53:sc_find_release: freeing 0 handles used 0 at (nil)
0xb78a28d0 10:29:49.019 [opensc-pkcs11] pkcs11-global.c:290:C_Finalize: C_Finalize()
0xb78a28d0 10:29:49.020 [opensc-pkcs11] ctx.c:714:sc_cancel: called
0xb78a28d0 10:29:49.020 [opensc-pkcs11] reader-pcsc.c:591:pcsc_cancel: called
0xb78a28d0 10:29:49.020 [opensc-pkcs11] slot.c:178:card_removed: Teo by Xiring 00 00: card removed
0xb78a28d0 10:29:49.021 [opensc-pkcs11] slot.c:398:slot_token_removed: slot_token_removed(0x1)
0xb78a28d0 10:29:49.021 [opensc-pkcs11] pkcs11-session.c:126:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 1
0xb78a28d0 10:29:49.021 [opensc-pkcs11] pkcs11-session.c:98:sc_pkcs11_close_session: real C_CloseSession(0x8ebb260)
0xb78a28d0 10:29:49.021 [opensc-pkcs11] pkcs15-pin.c:596:sc_pkcs15_pincache_clear: called
0xb78a28d0 10:29:49.022 [opensc-pkcs11] card-iasecc.c:1129:iasecc_logout: called
0xb78a28d0 10:29:49.022 [opensc-pkcs11] card-iasecc.c:675:iasecc_select_file: called
0xb78a28d0 10:29:49.022 [opensc-pkcs11] card-iasecc.c:679:iasecc_select_file: iasecc_select_file(card:0x8eac790) path.len 11; path.type 1; aid_len 0
0xb78a28d0 10:29:49.022 [opensc-pkcs11] card-iasecc.c:680:iasecc_select_file: iasecc_select_file() path:f0496173456363526f6f74::
0xb78a28d0 10:29:49.024 [opensc-pkcs11] card.c:1013:sc_print_cache: current_ef(type=0) e828bd080fd25047656e65726963::7006
0xb78a28d0 10:29:49.024 [opensc-pkcs11] card.c:1018:sc_print_cache: current_df(type=1, aid_len=0) e828bd080fd25047656e65726963::
0xb78a28d0 10:29:49.025 [opensc-pkcs11] card.c:1013:sc_print_cache: current_ef(type=0) e828bd080fd25047656e65726963::7006
0xb78a28d0 10:29:49.025 [opensc-pkcs11] card.c:1018:sc_print_cache: current_df(type=1, aid_len=0) e828bd080fd25047656e65726963::
0xb78a28d0 10:29:49.025 [opensc-pkcs11] apdu.c:525:sc_transmit_apdu: called
[...]

Could this behaviour be related to the fact that the private key is not allowed to sign?
Where could I patch the code to force the use of this key?

Thanks in advance.
--
Jean-Pierre

2011/12/4 Viktor Tarasov <[email protected]>:
> Hello Jean-Pierre,
>
> I guess that you are using the version of OpenSC where the implementation of
> IAS/ECC support was not completely finished.
> The multi-application aspects of IAS/ECC card were implemented in PKCS#11
> only recently and are not yet ported into the main branch.
>
> You can try the github 'secure-messaging' branch of OpenSC.
> https://github.com/viktorTarasov/OpenSC/tree/secure-messaging
> (Unfortunately Jenkins is not currently working and you will need to compile
> it yourself.)
>
> Here, by the OpenSC configuration ('create_slots_for_pins' option) you can
> specify how the objects from different
> on-card applications are presented by the pkcs11 slots.
> By default there will be one slot per on-card application plus one for
> SignPIN.
> You can also configure to have only one slot with all objects protected by
> UserPIN from all the on-card applications.
>
> I think that any of these configurations will permit you to address the key
> that you need -- in the unique slot, or by combination slot-id and key-id.
>
> Kind regards,
> Viktor.
>
>
>
> On 04/12/2011 10:42, Jean-Pierre Fortune wrote:
>
>> Hi Douglas,
>> Effectively, there is no way to set a specific aid in
>> pkcs11/engine_pkcs11/openssl chain. The "default" app is always
>> chosen.
>> My card's personalisation has to be reviewed.
>> I will use the pkcs11/15 lib "directly" in the mean time.
>> Thanks for the help.
>> Best regards,
>
>
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
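
An added example, not part of the original message and not OpenSC code: a small parser for the opensc-pkcs11 debug lines quoted in this thread that reports which slot each private key was attached to and which slot each C_FindObjectsInit call searched. The patterns are inferred from the log lines in this message only, and the number after "Slot:" is assumed to be hexadecimal.

```python
import re
from collections import defaultdict

# Entries copied from the log in this message (a subset, one entry per line).
SAMPLE_LOG = """\
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1156:_add_pin_related_objects: Slot:0x8eac4a0, obj:0x8e8e048 Adding private key 0 to PIN 'Card PIN'
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8e8e048
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:1156:_add_pin_related_objects: Slot:0x8eac4a0, obj:0x8ea7bb0 Adding private key 1 to PIN 'Card PIN'
0xb78a28d0 10:29:40.090 [opensc-pkcs11] framework-pkcs15.c:851:pkcs15_add_object: Slot:3 Setting object handle of 0x0 to 0x8ea7bb0
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:325:C_FindObjectsInit: C_FindObjectsInit(slot = 1)
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:326:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_PRIVATE_KEY
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:368:C_FindObjectsInit: Object 1/149599584: Attribute 0x0 does NOT match.
0xb78a28d0 10:29:44.973 [opensc-pkcs11] pkcs11-object.c:398:C_FindObjectsInit: 0 matching objects
"""

# Patterns inferred from the log lines above, not taken from the OpenSC source.
ADD_KEY = re.compile(r"obj:(0x[0-9a-f]+) Adding private key (\d+) to PIN")
ADD_OBJ = re.compile(r"pkcs15_add_object: Slot:([0-9A-Fa-f]+) Setting object handle of 0x0 to (0x[0-9a-f]+)")
FIND = re.compile(r"C_FindObjectsInit\(slot = (\d+)\)")
CLASS = re.compile(r"CKA_CLASS = (\w+)")
MATCHES = re.compile(r"C_FindObjectsInit: (\d+) matching objects")

def summarize(log):
    """Return ({slot: [private key indexes]}, [search records]) for one log."""
    key_index, handle_slot, searches = {}, {}, []
    for line in log.splitlines():
        if m := ADD_KEY.search(line):
            key_index[m.group(1)] = int(m.group(2))
        elif m := ADD_OBJ.search(line):
            # Assumption: the number after "Slot:" is printed in hexadecimal.
            handle_slot[m.group(2)] = int(m.group(1), 16)
        elif m := FIND.search(line):
            searches.append({"slot": int(m.group(1)), "class": None, "matches": None})
        elif searches and (m := CLASS.search(line)):
            searches[-1]["class"] = m.group(1)
        elif searches and (m := MATCHES.search(line)):
            searches[-1]["matches"] = int(m.group(1))
    keys_by_slot = defaultdict(list)
    for handle, index in key_index.items():
        if handle in handle_slot:
            keys_by_slot[handle_slot[handle]].append(index)
    return dict(keys_by_slot), searches

def empty_key_searches(log):
    """Private-key searches that found nothing in a slot holding no logged key."""
    keys_by_slot, searches = summarize(log)
    return [s for s in searches if s["class"] == "CKO_PRIVATE_KEY"
            and s["matches"] == 0 and s["slot"] not in keys_by_slot]
```

Calling `summarize()` on a full debug log gives the slot-id and key index pairs that the quoted reply suggests using to address a key.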
