Jan Just Keijser wrote:
Jean-Michel Pouré - GOOZE wrote:
On Fri, 2010-05-07 at 12:36 +0200, Jan Just Keijser wrote:
I will test it with openssl 0.9.8 next week
I think the alternative would be to generate the keys/certificates
outside the smartcard and transfer them to smartcard.
Everything is explained here:
http://www.gooze.eu/howto/smartcard-quickstarter-guide/generating-transferring-and-extracting-x-509-certificates

These are two separate tests:
I can generate onboard keys if I use pcsc-lite-1.5.6-svn-* .

The second test is:
A valid private key + certificate are transferred to the smartcard (using pkcs15-init -X/-S); I cannot sign a certificate request using the key on the smartcard no matter which version of pcsc-lite I try. I will try this in combination with openssl 0.9.8 this week.

I ran into this problem when trying to use the engine code with the private key,
from the openssl req command.

The load_key would always pass in FORMAT_PEM rather than FORMAT_ENGINE.
The attached mode uses -keyform engine.

The patch was to an early 0.9.8 version.

openssl << EOT
engine dynamic -vvvv -pre SO_PATH:$OPENSC_ENGINE/engines/engine_pkcs11.so
 -pre ID:pkcs11 -pre NO_VCHECK:1 -pre LIST_ADD:1 -pre LOAD
 -pre MODULE_PATH:$OPENSC_PATH/opensc-pkcs11.so
version
req $SSLEAY_CONFIG -engine pkcs11 -md5 -new  -key slot_0-id_$ID
 -keyform engine -out cards/$1.myreq.$KEYID.pem  -text

EOT

Note lines were wrapped for this e-mail.


cheers,

JJK


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

--

 Douglas E. Engert  <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
--- apps/,x509.c	Sat Jul 16 06:13:03 2005
+++ apps/x509.c	Fri May  5 11:07:47 2006
@@ -964,7 +964,7 @@
 				else
 					{
 					pk=load_key(bio_err,
-						keyfile, FORMAT_PEM, 0,
+						keyfile, keyformat /*FORMAT_PEM*/, 0,
 						passin, e, "request key");
 					if (pk == NULL) goto end;
 					}
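Review bot: the changed load_key() argument keeps the old constant as an inline comment (keyformat /*FORMAT_PEM*/); drop the comment so the call reads "keyfile, keyformat, 0," and the history stays in version control rather than in the source. The hunk does not show where keyformat is declared or initialised, so confirm it defaults to FORMAT_PEM when -keyform is not given; otherwise existing invocations that pass a PEM key file to this "request key" path change behaviour. The file header names apps/x509.c while the command in the message runs req, so it is also worth confirming that this is the call site the req invocation actually reaches.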