Fernando Sanchez Chaparro wrote: > Finally, I found how to solve my problem thank to your answers. I > really appreciate the help I have received from this list. > > The problem was that I had initialized the smart card with only the SO > Pin, and therefore the opensc-pkcs11.dll didn't find any slot. Using > the onepin profile (pkcs15-init -ECT -p pkcs15+onepin) now I can > interact with the smart card. I'm able to: > -- login/logout > -- list objects (public and private) > -- generate pair keys > -- change Pins > -- change the objects labels and ids > -- etc. > > However, now I have a different problem with my development, I'm not > able to delete an object. I have linked the pkcs11-spy.dll in order to > get more information when I invoke the C_DestroyObject function. The > output the spy shows is: > > / 37: C_DestroyObject > [in] hSession = 0x1 > [in] hObject = 0x4 > Returned: 84 CKR_FUNCTION_NOT_SUPPORTED/ > > > Does someone have any clue that what it is happening?
What kind of object do you trying to delete? Actually C_DestroyObject is supported only for the 'DATA' object. > > Thank everybody very much. > Kind regards. Kind wishes, Viktor. > > > 2010/2/1 Andreas Jellinghaus <a...@dungeon.inka.de > <mailto:a...@dungeon.inka.de>> > > are you trying to get new blank card initialized with opensc to work, > or are you trying to get cards with that vendors software to work > with opensc? > > > if that vendor did not implement PKCS#15 on the cards, the resulting > card might not be compatible with opensc. > > opensc is supposed to be compatible with some vendors software such > as A.E.S., but while users report success, their strange license > actualy forbids using cards initialized with their software with > opensc. > not sure if such a clause is valid, I guess not at all. > > to initialize a blank card with opensc see the wiki (QuickStart). > > for a basic check of opensc first: does opensc find your reader? > opensc-tool -r should tell you. does opensc find the card? > opensc-tool -a should show the atr. > > > is your card supported by opensc? I guess so, the atr you mentioned > is old and well known. > > so if pkcs11-tool only shows empty slots (I guess without --module > option / thus with opensc-pkcs11.dll), then your card is most likely > empty or initialized in an incompatible (i.e. not PKCS#15) way. > > if you want to use a blank card with opensc, then initialize it first > (at least the first pkcs15-init --create call,maybe best with > onepin profile), and then you should be able to use the card with > pkcs11-tool. > > if you want to try pkcs11-tool, but with your vendors pkcs#11 > module, use the "--module" option. > > > if you want to use pkcs11-spy.dll with your application > (with either module), you need to set some environment > variables of course. see the wiki or google for details. > > > > I've configured the debug=9 in other to get more information. > You can find > > the log attached to this mail "pkcs11_test_login.txt". > > looks fine to me. but the card has only a security officer, but no > normal > user pin. that won't work fine with opensc-pkcs11.so. > > try to init it with "onepin" option, or use "pkcs15-init" to > create a pin, > rsa key, store a certifcate etc. and then try again. > > > > > > My problems begin when I try to invoke the function > C_GetSlotList of > > > > the opensc-pcks11.dll library. I'm not able to find a slot with > > > > information. All the slot available seem to be empty. The > code I'm > > > > trying to execute can be find below: > > > > > > pkcs11-tool should show some slots. if it does, the problem is > most > > > likely in your application. if it does not, something is wrong > with > > > opensc or its configuration. > > > > pkcs11-tool -L show me the slots but they are always empty. > > the only card found in the log file is empty (except for a > security officer > pin), so I guess that is the problem. > > if you want to create a "security officer"-pin and a normal pin, > and then > create keys/certificates/... via pkcs#11 api, that usualy doesn't > work well > (pkcs#11 is not designed for several PINs needed for some action). > so I > suggest to use the "onepin" profile with your card, thus you have only > one PIN (plus an optional unblocking PIN (PUK) if you want), and > pkcs#11 > works much easier with that. > > > I've used my > > application with the manufacturer libraries and it works > appropriately. So > > I think my problem could be related to my opensc configuration. > I didn't > > modify the opensc.conf file because i'm using a usual card > supported by > > opensc, Do I have to modify it? > > I don't think so, at least it looks to me like there is no problem. > > > Opensc-tool -a show the next information about my > > ATR: 3b:b7:94:00:81:31:fe:65:53:50:4b:32:33:90:00:d1 > > > > I think it is the common ATR for starcos 2.3, besides I've found > this ATR > > code in the sources of opensc project into > /libopensc/card-starcos.c. > > yes, looks like a well known and supported card. > > I hope you have a "test" version of the card, otherwise you can't > erase it. > (starcos "feature" - nothing we can do about...) > > > When I link the pkcs11-spy into my example program i get the > next message: > > General error. > > I'm afraid it is not very helpful. > > did you set the environment variables? see the wiki page or google for > details. > > Hope this helps. good luck! > > Regards, Andreas > > > ------------------------------------------------------------------------ > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
