Hi all,
On Sun, Mar 28, 2010 at 09:53:08AM +0200, Jean-Michel Pouré - GOOZE wrote:
> Dear friends,
>
> I searched for a smart card GUI and could not find any.
>
> After having a look around, I think that GnoMint and Seahorse could be
> good candidates, because they offer basic X.509 certificate management
XCA[1] offers advanced certificate management functionality via a Qt GUI and
uses PKCS#11 to access smart cards. The currently released version (0.8.1)
supports:
- reading certificates and public keys from the card
- using a smart-card-key for signing (sign certificates by CA, sign CRL,
create PKCS#10 request)
The next version[2] is almost ready and supports:
- generate keypair on the card
- write and delete keys and certificates on smart cards
As long as the configured PKCS#11 library supports the functionality,
IMHO XCA can be considered a Smartcard GUI.
I tested with opensc-pkcs11, opencryptoki and Aladdin PKIclient
> features. I sent project leaders a Feitian PKI smartcard.
I also got one.
First I noticed that deleting keys and certificates via
opensc-pkcs11.so does not work, because
sc_pkcs11_object_ops.destroy_object() is only implemented for data
objects.
I created the attached patch to fix that.
When it came to testing I noticed that it still did not work, because
card-entersafe.c contains: "entersafe_ops.delete_file = NULL;"
At this point I gave up :-)
Is it really as simple as the attached, untested patch suggests to support
deleting PKCS#11 certificate and key objects?
best regards
Christian
[1] http://sourceforge.net/projects/xca/files/
[2]
http://xca.git.sourceforge.net/git/gitweb.cgi?p=xca/xca;a=snapshot;h=HEAD;sf=tgz
--- opensc-0.11.13/src/pkcs11/framework-pkcs15.c 2010-02-16 10:03:25.000000000 +0100
+++ opensc-0.11.13.new/src/pkcs11/framework-pkcs15.c 2010-03-26 07:25:17.000000000 +0100
@@ -157,6 +157,8 @@
struct sc_pkcs11_slot *slot);
static int reselect_app_df(sc_pkcs15_card_t *p15card);
+static CK_RV pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object);
+
/* PKCS#15 Framework */
static CK_RV pkcs15_bind(struct sc_pkcs11_card *p11card)
@@ -2044,7 +2046,7 @@
pkcs15_cert_set_attribute,
pkcs15_cert_get_attribute,
pkcs15_cert_cmp_attribute,
- NULL,
+ pkcs15_any_destroy,
NULL,
NULL,
NULL,
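Review bot: The positional initializer gives no way to confirm from the hunk that the slot changed from `NULL` to `pkcs15_any_destroy` is really `destroy_object`, and the same applies to the private-key, public-key and data-object tables changed later in the patch. A trailing comment on the changed line, `pkcs15_any_destroy, /* destroy_object */`, would make a slot mix-up visible in review. The table starts and ends outside the hunk.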
@@ -2411,7 +2413,7 @@
pkcs15_prkey_set_attribute,
pkcs15_prkey_get_attribute,
sc_pkcs11_any_cmp_attribute,
- NULL,
+ pkcs15_any_destroy,
NULL,
pkcs15_prkey_sign,
pkcs15_prkey_unwrap,
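Review bot: Wiring `pkcs15_any_destroy` into the private-key table makes key deletion reachable through the PKCS#11 module, and nothing visible in this patch checks that the session is read/write and the user is logged in before the card is asked to delete the key. That check may already live in the caller of `destroy_object`, which is outside the diff; if it does not, the handler should refuse early (for example with `CKR_SESSION_READ_ONLY` or `CKR_USER_NOT_LOGGED_IN`) rather than rely only on the card's access conditions and the PIN revalidation retry further down. A comment on the entry such as `/* destroy_object: removes the key from the card, irreversible */` would also help the next reader.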
@@ -2577,7 +2579,7 @@
pkcs15_pubkey_set_attribute,
pkcs15_pubkey_get_attribute,
sc_pkcs11_any_cmp_attribute,
- NULL,
+ pkcs15_any_destroy,
NULL,
NULL,
NULL,
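Review bot: `pkcs15_any_destroy` passes `obj->p15_object` straight to `sc_pkcs15init_delete_object`, so a public-key object with no backing PKCS#15 object would hand a NULL pointer to the delete call. If this framework can create public-key objects derived from a certificate rather than read from the card (not visible here, to be confirmed), the handler needs a guard such as `if (obj->p15_object == NULL) return CKR_FUNCTION_NOT_SUPPORTED;` before it acquires anything that later needs `sc_pkcs15init_unbind`.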
@@ -2721,9 +2723,9 @@
return CKR_OK;
}
-static CK_RV pkcs15_dobj_destroy(struct sc_pkcs11_session *session, void *object)
+static CK_RV pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object)
{
- struct pkcs15_data_object *obj = (struct pkcs15_data_object*) object;
+ struct pkcs15_any_object *obj = (struct pkcs15_any_object*) object;
struct sc_pkcs11_card *card = session->slot->card;
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) card->fw_data;
struct pkcs15_slot_data *data = slot_data(session->slot->fw_data);
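Review bot: The renamed function now serves four object types but carries no comment stating what it assumes about `object`. The cast from `void *` to `struct pkcs15_any_object *` is only valid if every object struct registered with this handler begins with that base, which the old `obj->base.p15_object` access suggests but the diff does not show for certificates and keys. A header comment such as `/* Generic destroy_object handler: object must begin with struct pkcs15_any_object; deletes it on the card, then in the framework */` would document the contract. The function body continues outside this hunk.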
@@ -2746,20 +2748,20 @@
add_pins_to_keycache(card, session->slot);
/* Delete object in smartcard */
- rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->base.p15_object);
+ rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->p15_object);
/* Do we have to try a re-login and then try to delete again? */
if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
rv = revalidate_pin(data, session);
if (rv == 0)
- rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->base.p15_object);
+ rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile, obj->p15_object);
}
if (rv >= 0) {
/* pool_find_and_delete is called, therefore correct refcont
* Oppose to pkcs15_add_object */
- --((struct pkcs15_any_object*)object)->refcount;
+ --(obj->refcount);
/* Delete object in pkcs15 */
- rv = __pkcs15_delete_object(fw_data, (struct pkcs15_any_object*)object);
+ rv = __pkcs15_delete_object(fw_data, obj);
}
sc_pkcs15init_unbind(profile);
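Review bot: After a successful card delete the code drops one reference with `--(obj->refcount)` and calls `__pkcs15_delete_object`, which was enough for standalone data objects but may not be for certificates and keys. If the framework links related objects to each other (a certificate to its key objects, for instance; not visible in this diff), those links would still point at the released object and should be cleared first, or the object kept until its refcount reaches zero. Separately, when `revalidate_pin` fails its return value falls through to the `rv >= 0` test, so it is worth confirming that it only ever returns a negative error there; otherwise the in-memory object is removed although the card still holds it. The function starts and ends outside this hunk.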
@@ -2776,7 +2778,7 @@
pkcs15_dobj_set_attribute,
pkcs15_dobj_get_attribute,
sc_pkcs11_any_cmp_attribute,
- pkcs15_dobj_destroy,
+ pkcs15_any_destroy,
NULL,
NULL,
NULL,