Hi again, I've been trying to work some kinks out of the Muscle Plugin and have found that the PKCS11 library is having issues with things. I'm trying to make sure that I get the PIN number and verify before operations, so I have the plugin select a file and authenticate to it as per the examples in other pkcs15-init card implementations (such as cryptoflex). However... the authentication fails w/ P11 because P11 uses a separate PIN system (pkcs11-tool logs into the card w/ the -l flag)... when key generation is further along, it needs to create the PrKF file... it uses the sc_pkcs15init_authenticate call to check w/ the file for authentication... but since there are no PIN callbacks and the keycache is disabled, the authentication fails.
Here's a short rundown of what happens: Me -> executes: pkcs11-tool -l -k rsa:1024 pkcs11-tool: Validates my PIN to the card Begins key generation process p11 library: ... muscle-plugin: looks up the path for the key authenticates to that path -- fails because no cached key data and no PIN callbacks (recent modification ignores the return value since if the user really wasn't authenticated, the key generation itself would fail) key is generated public key is extracted PrKDF entry begins updating -- after the PrKF file is encoded within sc_pkcs15init_update_any_df The PrKF file update begins... the file selection returns SC_ERROR_FILE_NOT_FOUND [correct] file creation begins... parent is selected successfully parent is unsuccessfully authenticated to .... key generation aborts Thanks! -- Thomas Harning @ Identity Alliance _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel