On Mon, Mar 29, 2010 at 11:23:29AM +0300, Martin Paljak wrote: > On Mar 28, 2010, at 17:07 , Christian Hohnstaedt wrote: > > On Sun, Mar 28, 2010 at 09:53:08AM +0200, Jean-Michel Pour? - GOOZE wrote: > >> Dear friends, > >> > >> I searched for a smart card GUI and could not find any. > >> > >> After having a look around, I think that GnoMint and Seahorse could be a > >> good candidates, because they offer basic X.509 certificate management > > > > XCA[1] offers advanced certificate management functionality via QT GUI and > > uses PKCS#11 to access smart cards. The currently released version (0.8.1) > > supports: > > - reading certificates and public keys from the card > > - using a smart-card-key for signing (sign certificates by CA, sign CRL, > > create PKCS#10 request) > > > > The next version[2] is almost ready and supports: > > - generate keypair on the card > > - write and delete keys and certificates on smart cards > > > > As long as the configured PKCS#11 library supports the functionality, > > IMHO XCA can be considered a Smartcard GUI. > Indeed, in this context. > > I downloaded the DMG to try it out. > Trying to load OpenSC PKCS#11 I got an error about engine_pkcs11 which path > is hard-coded to /usr/lib/engines/ and of course did not exist on my mac. > Maybe you can put the engine into your application bundle?
My problem with the OS-X version is that I do not own a MAC and must borrow one to build and test XCA on a MAC. I did not test the smart card functionality on MAC, yet. I will add the engine_pkcs11 and test it before releasing the next version. > > I'll need to try with Linux as well but basically it must be added to > ApplicationSupport [1] especially if you say you have tested it with > opensc-pkcs11.so :) Done BTW: Thanks to the developers of "pkcs11-spy". It helped me very much! > > > > First I noticed that deleting keys and certificates via > > openssl-pkcs11.so does not work because > > sc_pkcs11_object_ops.destroy_object() is only implemented for data > > objects. > Nice catch, a missing feature! > > > I created the attached patch to cure it. > > When it came to testing I noticed that it still did not work, because > > card-entersafe.c contains: "entersafe_ops.delete_file = NULL;" > > This was the point to give it up :-) > > > > Is it really as simple as the attached, untested patch shows to support > > deleting PKCS#11 certificate and key objects ? > Care to file it on [2] together with the patch so it won't be forgotten? Done > > [1] http://www.opensc-project.org/opensc/wiki/ApplicationSupport > [2] http://www.opensc-project.org/opensc/newticket Christian _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
