Hello,
I am developing a PKCS#11 module for my diploma thesis and I am
having problems with Thunderbird not recognizing my certificate for
signing. When I want to set it for signing using the Security tab of
Account settings (by clicking Select...), Thunderbird says that
"Certificate Manager can't locate a valid certificate that can be
used to digitally sign your messages".
However, I am able to view it properly, using the Certificate
Manager. It states that the certificate has been verified for some
number of purposes, including "Email signer Certificate". It is a
self-signed certificate and has object handle 1 in my device, and its
CKA_ID is "ID_Mek".
The private key for this certificate has the same CKA_ID and the
object handle is 2. In my opensc-spy log I can see that it should
work this way:
- Thunderbird searches for token certificates
- Gets attributes of the certificates (including CKA_ID)
- Searches for private keys with the same CKA_ID
- ...Continues with whatever it needs to do.
I can see the first three steps repeating twice, and then Thunderbird
gives up. I really don't understand why doesn't it proceed; I am
giving it object handle 2 as my private key, so where is the problem?...
I am attaching my opensc-spy log with unneccessary info stripped out.
Thanks in advance for any clues.
Matej Kurpel
--------------------------- SPY LOG BEGIN ----------------------------
9: C_OpenSession
[in] slotID = 0x0
[in] flags = 0x4
pApplication=067E3000
Notify=6A2D5E19
[out] *phSession = 0x1
Returned: 0 CKR_OK
10: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[1]:
CKA_CLASS CKO_NETSCAPE_BUILTIN_ROOT_LIST
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
11: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_TOKEN True
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
12: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0xa
[out] ulObjectCount = 0x1
Object 1 Matches
Returned: 0 CKR_OK
13: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
14: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_TOKEN requested with 0 buffer
CKA_LABEL requested with 0 buffer
[out] pTemplate[2]:
CKA_TOKEN has size 4
CKA_LABEL has size 8
Returned: 0 CKR_OK
15: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_TOKEN requested with 4 buffer
CKA_LABEL requested with 8 buffer
[out] pTemplate[2]:
CKA_TOKEN True
CKA_LABEL [size : 0x8 (8)]
43657274 204D656B
C e r t . M e k
Returned: 0 CKR_OK
16: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[10]:
CKA_CLASS requested with 0 buffer
CKA_TOKEN requested with 0 buffer
CKA_LABEL requested with 0 buffer
CKA_CERTIFICATE_TYPE requested with 0 buffer
CKA_ID requested with 0 buffer
CKA_VALUE requested with 0 buffer
CKA_ISSUER requested with 0 buffer
CKA_SERIAL_NUMBER requested with 0 buffer
CKA_SUBJECT requested with 0 buffer
CKA_NETSCAPE_EMAIL(Netsc) requested with 0
buffer
[out] pTemplate[10]:
CKA_CLASS has size 4
CKA_TOKEN has size 4
CKA_LABEL has size 8
CKA_CERTIFICATE_TYPE has size 4
CKA_ID has size 6
CKA_VALUE has size 676
CKA_ISSUER has size 107
CKA_SERIAL_NUMBER has size 11
CKA_SUBJECT has size 107
CKA_NETSCAPE_EMAIL(Netsc) has size -1
Returned: 18 CKR_ATTRIBUTE_TYPE_INVALID
17: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[10]:
CKA_CLASS requested with 4 buffer
CKA_TOKEN requested with 4 buffer
CKA_LABEL requested with 8 buffer
CKA_CERTIFICATE_TYPE requested with 4 buffer
CKA_ID requested with 6 buffer
CKA_VALUE requested with 676 buffer
CKA_ISSUER requested with 107 buffer
CKA_SERIAL_NUMBER requested with 11 buffer
CKA_SUBJECT requested with 107 buffer
CKA_NETSCAPE_EMAIL(Netsc) requested with 0
buffer
[out] pTemplate[10]:
CKA_CLASS CKO_CERTIFICATE
CKA_TOKEN True
CKA_LABEL [size : 0x8 (8)]
43657274 204D656B
C e r t . M e k
CKA_CERTIFICATE_TYPE CKC_X_509
CKA_ID [size : 0x6 (6)]
49445F4D 656B
CKA_VALUE [size : 0x2A4 (676)]
308202A0 30820209 A0030201 02020900 92159945 D0C657FE 300D0609
2A864886
F70D0101 05050030 69310B30 09060355 04061302 534B3111 300F0603
5504080C
08536C6F 76616B69 61311030 0E060355 04070C07 5472656E 63696E31
15301306
03550403 0C0C4D61 74656A20 4B757270 656C311E 301C0609 2A864886
F70D0109
01160F6D 6174656A 406B7572 70656C2E 6575301E 170D3130 30373131
31363033
32395A17 0D313330 37313031 36303332 395A3069 310B3009 06035504
06130253
4B311130 0F060355 04080C08 536C6F76 616B6961 3110300E 06035504
070C0754
72656E63 696E3115 30130603 5504030C 0C4D6174 656A204B 75727065
6C311E30
1C06092A 864886F7 0D010901 160F6D61 74656A40 6B757270 656C2E65
7530819F
300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100D0B5
4A0E53C5
9293278E E27A928C 30CB4A19 42F6DE32 B8A49511 96DF53FE 84697225
D5B09842
1497C7C7 04282468 A022C17B 0E51E17B 86C4E062 4BED398F CDCD422F
789A9518
E4D4DC07 DA20186B D1212B80 725E8AE3 4A6878FB C43E6F3A 2A95DC80
870601C8
A576B5A0 72E12F77 3240F60A F0835021 112AE9F0 CB7F98A7 EEC50203
010001A3
50304E30 1D060355 1D0E0416 041441A6 8E318989 EBB00595 EF1F7132
F3E1DE0F
A27C301F 0603551D 23041830 16801441 A68E3189 89EBB005 95EF1F71
32F3E1DE
0FA27C30 0C060355 1D130405 30030101 FF300D06 092A8648 86F70D01
01050500
03818100 5C4FA52E EAE5CF2B 6FDE1CBD 7C9D9B38 CE6E37C9 3FAA1DDB
4100DA82
5803B8BC B89E92C9 9BA34218 01064BA1 784BBEE6 316B7A2C FAD8B595
3D536090
785A05A9 B71311F0 1B8F1E37 17FB5C90 5ACF64C5 F19C22BA C5AB7A3E
7DE9B462
75EEC328 84EC90A6 2212BDE4 322098B4 34971B16 6235F15C 47400F56
432DE7F3
4175CD0D
CKA_ISSUER [size : 0x6B (107)]
3069310B 30090603 55040613 02534B31 11300F06 03550408 0C08536C
6F76616B
69613110 300E0603 5504070C 07547265 6E63696E 31153013 06035504
030C0C4D
6174656A 204B7572 70656C31 1E301C06 092A8648 86F70D01 0901160F
6D617465
6A406B75 7270656C 2E6575
DN: C=SK, ST=Slovakia, L=Trencin, CN=Matej
Kurpel/emailaddress=ma...@kurpel.eu
CKA_SERIAL_NUMBER [size : 0xB (11)]
02090092 159945D0 C657FE
CKA_SUBJECT [size : 0x6B (107)]
3069310B 30090603 55040613 02534B31 11300F06 03550408 0C08536C
6F76616B
69613110 300E0603 5504070C 07547265 6E63696E 31153013 06035504
030C0C4D
6174656A 204B7572 70656C31 1E301C06 092A8648 86F70D01 0901160F
6D617465
6A406B75 7270656C 2E6575
DN: C=SK, ST=Slovakia, L=Trencin, CN=Matej
Kurpel/emailaddress=ma...@kurpel.eu
CKA_NETSCAPE_EMAIL(Netsc) has size -1
Returned: 18 CKR_ATTRIBUTE_TYPE_INVALID
18: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[1]:
CKA_NETSCAPE_EMAIL(Netsc) requested with 0
buffer
[out] pTemplate[1]:
CKA_NETSCAPE_EMAIL(Netsc) has size -1
Returned: 18 CKR_ATTRIBUTE_TYPE_INVALID
19: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[1]:
CKA_NETSCAPE_EMAIL(Netsc) requested with 0
buffer
[out] pTemplate[1]:
CKA_NETSCAPE_EMAIL(Netsc) has size -1
Returned: 18 CKR_ATTRIBUTE_TYPE_INVALID
20: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_TOKEN True
CKA_CLASS CKO_NETSCAPE_TRUST
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
21: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0x48 (72)]
3046310B 30090603 55040613 02555331 13301106 0355040A 130A476F
6F676C65
20496E63 31223020 06035504 03131947 6F6F676C 6520496E 7465726E
65742041
7574686F 72697479
DN: C=US, O=Google Inc, CN=Google Internet Authority
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
--------------------------- THE NEXT IS HAPPENING AFTER CLICKING THE
SELECT... BUTTON IN ACCOUNT SETTINGS - SECURITY
----------------------------
22: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0x50 (80)]
304E310B 30090603 55040613 02555331 10300E06 0355040A 13074571
75696661
78312D30 2B060355 040B1324 45717569 66617820 53656375 72652043
65727469
66696361 74652041 7574686F 72697479
DN: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
23: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_TOKEN True
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
24: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0x10
[out] ulObjectCount = 0x1
Object 1 Matches
Returned: 0 CKR_OK
25: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
26: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_TOKEN requested with 0 buffer
CKA_LABEL requested with 0 buffer
[out] pTemplate[2]:
CKA_TOKEN has size 4
CKA_LABEL has size 8
Returned: 0 CKR_OK
27: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_TOKEN requested with 4 buffer
CKA_LABEL requested with 8 buffer
[out] pTemplate[2]:
CKA_TOKEN True
CKA_LABEL [size : 0x8 (8)]
43657274 204D656B
C e r t . M e k
Returned: 0 CKR_OK
28: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 0 buffer
CKA_CLASS requested with 0 buffer
[out] pTemplate[2]:
CKA_ID has size 6
CKA_CLASS has size 4
Returned: 0 CKR_OK
29: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 6 buffer
CKA_CLASS requested with 4 buffer
[out] pTemplate[2]:
CKA_ID [size : 0x6 (6)]
49445F4D 656B
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
30: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_ID [size : 0x6 (6)]
49445F4D 656B
CKA_CLASS CKO_PRIVATE_KEY
Returned: 0 CKR_OK
31: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 2 Matches
Returned: 0 CKR_OK
32: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
33: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_TOKEN True
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
34: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0x10
[out] ulObjectCount = 0x1
Object 1 Matches
Returned: 0 CKR_OK
35: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
36: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_TOKEN requested with 0 buffer
CKA_LABEL requested with 0 buffer
[out] pTemplate[2]:
CKA_TOKEN has size 4
CKA_LABEL has size 8
Returned: 0 CKR_OK
37: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_TOKEN requested with 4 buffer
CKA_LABEL requested with 8 buffer
[out] pTemplate[2]:
CKA_TOKEN True
CKA_LABEL [size : 0x8 (8)]
43657274 204D656B
C e r t . M e k
Returned: 0 CKR_OK
38: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 0 buffer
CKA_CLASS requested with 0 buffer
[out] pTemplate[2]:
CKA_ID has size 6
CKA_CLASS has size 4
Returned: 0 CKR_OK
39: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_ID requested with 6 buffer
CKA_CLASS requested with 4 buffer
[out] pTemplate[2]:
CKA_ID [size : 0x6 (6)]
49445F4D 656B
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
40: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_ID [size : 0x6 (6)]
49445F4D 656B
CKA_CLASS CKO_PRIVATE_KEY
Returned: 0 CKR_OK
41: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 2 Matches
Returned: 0 CKR_OK
42: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
43: C_CloseAllSessions
[in] slotID = 0x0
Returned: 0 CKR_OK
44: C_Finalize
Returned: 0 CKR_OK
--------------------------- SPY LOG END ----------------------------
