Hi again,
  I've been trying to work some kinks out of the Muscle Plugin and have
found that the PKCS11 library is having issues with things.
I'm trying to make sure that I get the PIN number and verify before
operations, so I have the plugin select a file and authenticate to it
as per the examples in other pkcs15-init card implementations (such as
cryptoflex).  However... the authentication fails w/ P11 because P11
uses a separate PIN system (pkcs11-tool logs into the card w/ the -l
flag)... when key generation is further along, it needs to create the
PrKF file... it uses the sc_pkcs15init_authenticate call to check w/
the file for authentication... but since there are no PIN callbacks and
the keycache is disabled, the authentication fails.

Here's a short rundown of what happens:
Me -> executes: pkcs11-tool -l -k rsa:1024
pkcs11-tool:
  Validates my PIN to the card
  Begins key generation process
  p11 library:
    ...
    muscle-plugin:
      looks up the path for the key
      authenticates to that path
        -- fails because no cached key data and no PIN callbacks
      (recent modification ignores the return value since if the user
      really wasn't authenticated, the key generation itself would fail)
      key is generated
      public key is extracted
    PrKDF entry begins updating
    -- after the PrKF file is encoded within sc_pkcs15init_update_any_df
    The PrKF file update begins...
      the file selection returns SC_ERROR_FILE_NOT_FOUND [correct]
      file creation begins...
        parent is selected successfully
        parent is unsuccessfully authenticated to
     .... key generation aborts


Thanks!
--
Thomas Harning
@ Identity Alliance
     
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
