You could also try SoftHSM from the OpenDNSSEC-project. It is in our
svn. See www.opendnssec.org
// Rickard
On 10 Jun 2009 at 17:15, "Benoit Badrignans" wrote:
> Hi,
>
> I'm an openSC user and in order to perform tests without breaking
> smartcards I'm looking for a pkcs#11 software token.
>
> T
:
"warning: PKCS11 function C_GetAttributeValue(VALUE) failed: rv =
CKR_ATTRIBUTE_TYPE_INVALID (0x12)"
Please apply this patch.
// Rickard Bondesson
pkcs11.tool.get.public.key.patch
Description: Binary data
> Hej Rickard,
>
> I think we met after the EPP presentations?
Hmm... Sorry, can't recall that I was at the EPP presentations.
> I saw it, and it is still in my inbox (along with thousands
> of other open source messages that I could and should attend
> to if I had time) but because you didn't
> Thanks to Miquel Comas Martí, who found and fixed this bug
> and contacted us on May 7th, 2009.
Well... It was actually noted by me on Monday 27 April in the thread:
"[opensc-devel] Keygen problem in pkcs11-tool", but no one responded to that.
It seems like the opensc-devel mailing list is no
Hi
The following changeset breaks the key generation process in the pkcs11-tool:
http://www.opensc-project.org/opensc/changeset/3602/trunk/src/tools/pkcs11-tool.c
CK_BYTE publicExponent[] = { 65537 };
It is truncated to the value of 1. 1 is not a valid exponent.
Should be:
CK_BYTE publicExponen
> No, since the private key has the CKA_SENSITIVE set to true
> (by the gen_keypair function), which means that key material
> of the private key can not be extracted. And no public key
> can thus be created from the private key.
>
> I think that you should create a private and public key on
>
> The public key can be created in memory and not on token,
> this is also much faster.
> You can do whatever you like with the public key once in memory.
True, but it adds up extra work if you want to use the functionalities of the
HSM.
> The pkcs11-tool can always create the public key from t
True, the public key does take place. But you need the public to be able
to verify signatures (private keys do not have the verify attribute).
So you prefer that you create a temporary public key each time you
want to verify anything?
If you still do not want to create a public key token objec
. 22.23, "Rickard Bondesson" > wrote:
True, the public key does take place. But you need the public to be able
to verify signatures (private keys do not have the verify attribute).
So you prefer that you create a temporary public key each time you
want to verify anything?
If you stil
Will my patch be applied to the system?
// Rickard
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
> Good find! Any chance you can send a patch? Thanks!
Ohh sorry. This patch is more correct. Forgot to increase the attribute counter
with one.
// Rickard
pkcs11-tool-keygen.patch
Description: Binary data
> Good find! Any chance you can send a patch? Thanks!
Here is the patch
// Rickard
pkcs11-tool-keygen.patch
Description: Binary data
Hi
The publicKeyTemplate when generating a keypair should contain:
{CKA_TOKEN, &_true, sizeof(_true)},
http://www.opensc-project.org/opensc/browser/trunk/src/tools/pkcs11-tool.c#L1043
Or else the public key will be deleted when the session closes. The CKA_TOKEN
defaults to false when not spe
ject.org
> Subject: Re: [opensc-devel] sign_data in PKCS11-tool
>
> Rickard Bondesson wrote:
> > Perhaps use a similar solution as in the signature testing code?
>
> Can you help with a patch?
>
>
> //Peter
>
pkcs11-tool.patch
Description:
Hi
How should the data from CKA_VALUE be formatted so that d2i_PublicKey (OpenSSL)
can understand the content of it? You are using this function in the
pkcs11-tool to validate the public key.
I have tried to format the data as:
openssl asn1parse -inform PEM -i -in out.msg
0:d=0 hl=3 l= 157
Shouldn't you have a different signing procedure when using the CKM_RSA_PKCS
mechanism?
http://www.opensc-project.org/opensc/browser/trunk/src/tools/pkcs11-tool.c#L927
CKM_RSA_PKCS only supports single-part signatures, thus only the C_Sign and not
C_SignUpdate/C_SignFinal.
This also applies to s
How come you send in NULL and not buf2 to the C_GenerateRandom? See code:
http://www.opensc-project.org/opensc/browser/releases/opensc-0.11.6/src/tools/pkcs11-tool.c#L3005
My application will return CKR_ARGUMENTS_BAD because of this and your test
program fails.
You never generate random data to b
17 matches