On Mar 28, 2010, at 17:07 , Christian Hohnstaedt wrote: > On Sun, Mar 28, 2010 at 09:53:08AM +0200, Jean-Michel Pour? - GOOZE wrote: >> Dear friends, >> >> I searched for a smart card GUI and could not find any. >> >> After having a look around, I think that GnoMint and Seahorse could be a >> good candidates, because they offer basic X.509 certificate management > > XCA[1] offers advanced certificate management functionality via QT GUI and > uses PKCS#11 to access smart cards. The currently released version (0.8.1) > supports: > - reading certificates and public keys from the card > - using a smart-card-key for signing (sign certificates by CA, sign CRL, > create PKCS#10 request) > > The next version[2] is almost ready and supports: > - generate keypair on the card > - write and delete keys and certificates on smart cards > > As long as the configured PKCS#11 library supports the functionality, > IMHO XCA can be considered a Smartcard GUI. Indeed, in this context.
I downloaded the DMG to try it out. Trying to load OpenSC PKCS#11 I got an error about engine_pkcs11 which path is hard-coded to /usr/lib/engines/ and of course did not exist on my mac. Maybe you can put the engine into your application bundle? I'll need to try with Linux as well but basically it must be added to ApplicationSupport [1] especially if you say you have tested it with opensc-pkcs11.so :) > First I noticed that deleting keys and certificates via > openssl-pkcs11.so does not work because > sc_pkcs11_object_ops.destroy_object() is only implemented for data > objects. Nice catch, a missing feature! > I created the attached patch to cure it. > When it came to testing I noticed that it still did not work, because > card-entersafe.c contains: "entersafe_ops.delete_file = NULL;" > This was the point to give it up :-) > > Is it really as simple as the attached, untested patch shows to support > deleting PKCS#11 certificate and key objects ? Care to file it on [2] together with the patch so it won't be forgotten? [1] http://www.opensc-project.org/opensc/wiki/ApplicationSupport [2] http://www.opensc-project.org/opensc/newticket -- Martin Paljak http://martin.paljak.pri.ee +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
