Finally, I found how to solve my problem thank to your answers. I really appreciate the help I have received from this list.
The problem was that I had initialized the smart card with only the SO Pin, and therefore the opensc-pkcs11.dll didn't find any slot. Using the onepin profile (pkcs15-init -ECT -p pkcs15+onepin) now I can interact with the smart card. I'm able to: -- login/logout -- list objects (public and private) -- generate pair keys -- change Pins -- change the objects labels and ids -- etc. However, now I have a different problem with my development, I'm not able to delete an object. I have linked the pkcs11-spy.dll in order to get more information when I invoke the C_DestroyObject function. The output the spy shows is: * 37: C_DestroyObject [in] hSession = 0x1 [in] hObject = 0x4 Returned: 84 CKR_FUNCTION_NOT_SUPPORTED* Does someone have any clue that what it is happening? Thank everybody very much. Kind regards. 2010/2/1 Andreas Jellinghaus <a...@dungeon.inka.de> > are you trying to get new blank card initialized with opensc to work, > or are you trying to get cards with that vendors software to work > with opensc? > if that vendor did not implement PKCS#15 on the cards, the resulting > card might not be compatible with opensc. > > opensc is supposed to be compatible with some vendors software such > as A.E.S., but while users report success, their strange license > actualy forbids using cards initialized with their software with opensc. > not sure if such a clause is valid, I guess not at all. > > to initialize a blank card with opensc see the wiki (QuickStart). > > for a basic check of opensc first: does opensc find your reader? > opensc-tool -r should tell you. does opensc find the card? > opensc-tool -a should show the atr. > is your card supported by opensc? I guess so, the atr you mentioned > is old and well known. > > so if pkcs11-tool only shows empty slots (I guess without --module > option / thus with opensc-pkcs11.dll), then your card is most likely > empty or initialized in an incompatible (i.e. not PKCS#15) way. > > if you want to use a blank card with opensc, then initialize it first > (at least the first pkcs15-init --create call,maybe best with > onepin profile), and then you should be able to use the card with > pkcs11-tool. > > if you want to try pkcs11-tool, but with your vendors pkcs#11 > module, use the "--module" option. > if you want to use pkcs11-spy.dll with your application > (with either module), you need to set some environment > variables of course. see the wiki or google for details. > > > I've configured the debug=9 in other to get more information. You can > find > > the log attached to this mail "pkcs11_test_login.txt". > > looks fine to me. but the card has only a security officer, but no normal > user pin. that won't work fine with opensc-pkcs11.so. > > try to init it with "onepin" option, or use "pkcs15-init" to create a pin, > rsa key, store a certifcate etc. and then try again. > > > > > > My problems begin when I try to invoke the function C_GetSlotList of > > > > the opensc-pcks11.dll library. I'm not able to find a slot with > > > > information. All the slot available seem to be empty. The code I'm > > > > trying to execute can be find below: > > > > > > pkcs11-tool should show some slots. if it does, the problem is most > > > likely in your application. if it does not, something is wrong with > > > opensc or its configuration. > > > > pkcs11-tool -L show me the slots but they are always empty. > > the only card found in the log file is empty (except for a security officer > pin), so I guess that is the problem. > > if you want to create a "security officer"-pin and a normal pin, and then > create keys/certificates/... via pkcs#11 api, that usualy doesn't work well > (pkcs#11 is not designed for several PINs needed for some action). so I > suggest to use the "onepin" profile with your card, thus you have only > one PIN (plus an optional unblocking PIN (PUK) if you want), and pkcs#11 > works much easier with that. > > > I've used my > > application with the manufacturer libraries and it works appropriately. > So > > I think my problem could be related to my opensc configuration. I didn't > > modify the opensc.conf file because i'm using a usual card supported by > > opensc, Do I have to modify it? > > I don't think so, at least it looks to me like there is no problem. > > > Opensc-tool -a show the next information about my > > ATR: 3b:b7:94:00:81:31:fe:65:53:50:4b:32:33:90:00:d1 > > > > I think it is the common ATR for starcos 2.3, besides I've found this ATR > > code in the sources of opensc project into /libopensc/card-starcos.c. > > yes, looks like a well known and supported card. > > I hope you have a "test" version of the card, otherwise you can't erase it. > (starcos "feature" - nothing we can do about...) > > > When I link the pkcs11-spy into my example program i get the next > message: > > General error. > > I'm afraid it is not very helpful. > > did you set the environment variables? see the wiki page or google for > details. > > Hope this helps. good luck! > > Regards, Andreas >
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
