On 03/02/2011 11:08 AM, william wrote:

Well, maybe I need to be more careful about what I say about working :)

I can get the certificates, but when I try to use the certs to log in with pkinit I get a device error when trying to sign the pkinit_as_req_create.

kerberos debug says:
found 1 private keys (ok)
C_sign: device error
failed to create pkcs7 signed data

It works on the client itself with the same config except the libaetpkss.so and the libcoolkeypk11.so

Could it be that the aet middleware libaetpkss is not fully compliant or something with the virtual smartcard?


William

Probably it has something to do with the following error when using pkcs11-tool --module /usr/lib/pkcs11/libcoolkeypk11.so -O -l

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
  label:      CAC ID Certificate
  ID:         0001
  Usage:      sign
Public Key Object; RSA 0 bits
  label:      CAC ID Certificate
  ID:         0001
  Usage:      verify
Certificate Object, type = X.509 cert
  label:      CAC ID Certificate
  ID:         0001
Private Key Object; RSA
  label:      CAC Email Signature Certificate
  ID:         0002
  Usage:      sign
Public Key Object; RSA 0 bits
  label:      CAC Email Signature Certificate
  ID:         0002
  Usage:      verify
Certificate Object, type = X.509 cert
  label:      CAC Email Signature Certificate
  ID:         0002
Private Key Object; RSA
  label:      CAC Email Encryption Certificate
  ID:         0003
  Usage:      decrypt
Public Key Object; RSA 0 bits
  label:      CAC Email Encryption Certificate
  ID:         0003
  Usage:      encrypt
Certificate Object, type = X.509 cert
  label:      CAC Email Encryption Certificate
  ID:         0003



_______________________________________________
Spice-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/spice-devel

