Hello Jean-Michel,
On 11.01.2010, at 15:52, Jean-Michel Pouré wrote:
> * I would like to add a page with dummy certificates on the wiki. One
> root CA, one secondary CA and several certs. So that users only have to
> download them to test command lines. Would you favor that?
For pure test purposes, it would be OK, but for generic educational purposes I 
would suggest making YetAnotherSelfSignedSnakeOilOpenSSLCAGenerationGuide which 
the user could just copy-paste.



> * pkcs11-tool and pkcs15-init have some common tools. For example, it is
> possible to generate an RSA key. But I could not find information about
> pkcs11-tool on the wiki. Is pkcs11-tool deprecated?
Definitely not. You might find glitches and shortcomings with pkcs11-tool but 
that would just benefit OpenSC as we could see the problems and fix them.



> * Until now, my attempts to transfer a key to a smartcard did not
> succeed (Feitian cards). 
> 
> For example, I tried:
> pkcs15-init -S foobar.pkcs12 -f PKCS12 --auth-id 01 --pin 0000
> --insecure --passphrase "XXXXXX"
Why don't you want to generate the keys on the card? Under normal circumstances 
that's the thing smart cards are for.

Why do you mix --auth-id and --insecure? Is the auth-id 01 required to import a 
key?

> 
> but it failed with error messages. 
> 
> Importing 1 certificates:
>  0: /C=FR/L=Paris/O=Foobar organisation/CN=Foobar secondary 1024 CA
> pkcs15-init: card-entersafe.c:1047: entersafe_encode_bignum: Assertion
> `0' failed.
> Aborted
I don't know the entersafe code, or whether this is a problem in entersafe code or a 
glitch with data generated by pkcs15-init. Please send a longer log.



> 
> Is pkcs15-init fully working? Or is it a Feitian card issue or me not
> fully understanding what is possible to do?
pkcs15-init is fully working. The failing assert comes from entersafe (Feitian) 
driver code.


-- 
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495



