Andreas Jellinghaus wrote:
> Hi,
>
> Maybe I can find some time to at least put out some new releases
> of everything (that has changes). Is this a good idea?
>
> Are there any patches waiting for a merge?
> And show-stopper bugs we should fix before (or patched to undo
> if they don't work ok right now)?
>
I tried to compile the latest bits from svn and check how it works with rutoken.

I get
"error: PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)"
then I tried to write back the signed cert.

steps:

1) format card
$ pkcs15-init -E -p rutoken
Using reader with a card: ruToken driver

2) generate key pair
$ pkcs11-tool --keypairgen --key-type rsa:2048 --login --label "user" --id 1
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
  label:      user
  ID:         01
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      user
  ID:         01
  Usage:      encrypt, verify, wrap

3) generate csr and sign it
$ openssl req -engine pkcs11 -keyform engine -key 1 -new -text -out newcert.csr -subj "/CN=User"
engine "pkcs11" set.
PKCS#11 token PIN:

$ openssl x509 -req -days 365 -in newcert.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out newcert.crt
Signature ok
subject=/CN=User
Getting CA Private Key

$ openssl x509 -in newcert.crt -outform der -out newcert.der

4) try to write it back
$ pkcs11-tool -w newcert.der --type cert --login --label "user" --id 1
Please enter User PIN:
error: PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)

Aborting.

last step with debug output:
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_TOKEN = TRUE
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_VALUE = 308203DA308201C2020101300D06092A864886F70D01010505003057310B3009
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_CLASS = CKO_CERTIFICATE
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_CERTIFICATE_TYPE = CKC_X_509
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_LABEL = user
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_ID = 01
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_SUBJECT = 300F310D300B0603550403130455736572
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_ISSUER = 3057310B3009060355040613025255311330110603550408130A536F6D652D53
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_SERIAL_NUMBER = 020101
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] reader-openct.c:420:openct_reader_lock: called
[opensc-pkcs11] card.c:668:sc_card_ctl: called
[opensc-pkcs11] card-rutoken.c:1389:rutoken_card_ctl: called
[opensc-pkcs11] card-rutoken.c:1435:rutoken_card_ctl: SC_CARDCTL_LIFECYCLE_SET not supported
[opensc-pkcs11] card-rutoken.c:1436:rutoken_card_ctl: returning SC_ERROR_NOT_SUPPORTED
[opensc-pkcs11] card.c:675:sc_card_ctl: card_ctl(4) not supported
[opensc-pkcs11] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[opensc-pkcs11] card-rutoken.c:383:rutoken_select_file: called
[opensc-pkcs11] card-rutoken.c:391:rutoken_select_file:
        path =  3f 00 50 15 49 46
        type = 2
[opensc-pkcs11] apdu.c:516:sc_transmit_apdu: called
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] card-rutoken.c:220:rutoken_check_sw: File (DO) not found
[opensc-pkcs11] card-rutoken.c:221:rutoken_check_sw: sw1 = 6a, sw2 = 82
[opensc-pkcs11] card-rutoken.c:469:rutoken_select_file: returning with: -1201
[opensc-pkcs11] card.c:554:sc_select_file: returning with: -1201
[opensc-pkcs11] profile.c:317:sc_profile_load: Trying profile file /usr/share/opensc/pkcs15.profile
[opensc-pkcs11] profile.c:325:sc_profile_load: profile /usr/share/opensc/pkcs15.profile loaded ok
[opensc-pkcs11] profile.c:317:sc_profile_load: Trying profile file /usr/share/opensc/rutoken.profile
[opensc-pkcs11] profile.c:325:sc_profile_load: profile /usr/share/opensc/rutoken.profile loaded ok
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] reader-openct.c:447:openct_reader_unlock: called
error: PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)


Any idea?

-- 
Pavel
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
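
A triage helper for a debug trace like the one in this message, added here as an example; it is not part of the original post or of OpenSC. The function name `triage` and the regular expressions are assumptions derived only from the log line shapes visible in the trace.

```python
import re

# Excerpt of the trace quoted in the post, with wrapped lines rejoined.
TRACE = """\
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_CLASS = CKO_CERTIFICATE
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_ID = 01
[opensc-pkcs11] card-rutoken.c:1436:rutoken_card_ctl: returning SC_ERROR_NOT_SUPPORTED
[opensc-pkcs11] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[opensc-pkcs11] card-rutoken.c:220:rutoken_check_sw: File (DO) not found
[opensc-pkcs11] card-rutoken.c:221:rutoken_check_sw: sw1 = 6a, sw2 = 82
[opensc-pkcs11] card-rutoken.c:469:rutoken_select_file: returning with: -1201
[opensc-pkcs11] card.c:554:sc_select_file: returning with: -1201
[opensc-pkcs11] profile.c:325:sc_profile_load: profile /usr/share/opensc/rutoken.profile loaded ok
"""

# Shape of one log line: [context] file.c:line:function: message
LINE = re.compile(r"^\[[^\]]+\] [\w.-]+:\d+:(?P<func>\w+): ?(?P<msg>.*)$")
ATTR = re.compile(r"C_CreateObject\(\): (CKA_\w+) = (.*)")
PATH = re.compile(r"path=([0-9a-f]+)", re.I)
SW = re.compile(r"sw1 = ([0-9a-f]{2}), sw2 = ([0-9a-f]{2})", re.I)
# Error returns only: a negative number or a symbolic SC_ERROR_* name.
RET = re.compile(r"returning(?: with:)? (-\d+|SC_ERROR_\w+)")

def triage(trace):
    """Return (template attributes, error returns) found in a debug trace.

    Each error return carries the most recently seen status word and
    selected path, so a failure can be tied to the file it concerned.
    """
    attrs, errors = {}, []
    last_path = last_sw = None
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line, e.g. the indented path dump
        msg = m["msg"]
        if (a := ATTR.search(msg)):
            attrs[a[1]] = a[2].strip()
        elif (p := PATH.search(msg)):
            last_path = p[1].lower()
        elif (s := SW.search(msg)):
            last_sw = (s[1] + s[2]).lower()
        elif (r := RET.search(msg)):
            errors.append({"func": m["func"], "rc": r[1],
                           "sw": last_sw, "path": last_path})
    return attrs, errors
```

On the excerpt, `triage(TRACE)` returns the two template attributes and three error returns: the unsupported card_ctl, then the two `-1201` returns tied to status word `6a82` on path `3f0050154946`.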
