Jan Just Keijser wrote: > Jean-Michel Pouré - GOOZE wrote: > >> On Thu, 2010-05-20 at 12:35 +0200, Jan Just Keijser wrote: >> >> >>> At this point I downloaded and built opensc-0.11.13 >>> >>> >> As explained in the tutorial, you must build OpenSC from SVN version: >> http://www.gooze.eu/howto/smartcard-quickstarter-guide/installing-from-sources >> >> This will fix your problems. >> >> > > I just did a > svn co http://www.opensc-project.org/svn/opensc/trunk opensc > cd opensc > ./bootstrap > ./configure --enable-pcsc --prefix=/user/janjust/local/feitian > --with-pcsc-provider=/usr/lib64/libpcsclite.so.1 > make > make install > then > > $ ./openssl > OpenSSL> engine dynamic -pre > SO_PATH:/user/janjust/local/feitian/lib/engine_pkcs11.so -pre ID:pkcs11 > -pre LIST_ADD:1 -pre LOAD -pre > MODULE_PATH:/user/janjust/local/feitian/lib/opensc-pkcs11.so > (dynamic) Dynamic engine loading support > [Success]: SO_PATH:/user/janjust/local/feitian/lib/engine_pkcs11.so > [Success]: ID:pkcs11 > [Success]: LIST_ADD:1 > [Success]: LOAD > [Success]: MODULE_PATH:/user/janjust/local/feitian/lib/opensc-pkcs11.so > Loaded: (pkcs11) pkcs11 engine > OpenSSL> req -engine pkcs11 -new -key slot_1-id_6606 -keyform engine > -x509 -out cert.pem -text > engine "pkcs11" set. > PKCS#11 token PIN: > You are about to be asked to enter information that will be incorporated > into your certificate request. > What you are about to enter is what is called a Distinguished Name or a DN. > There are quite a few fields but you can leave some blank > For some fields there will be a default value, > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [GB]: > State or Province Name (full name) [Berkshire]: > Locality Name (eg, city) [Newbury]: > Organization Name (eg, company) [My Company Ltd]: > Organizational Unit Name (eg, section) []: > Common Name (eg, your name or your server's hostname) []: > Email Address []: > 28400:error:8000A005:PKCS11 library:PKCS11_rsa_sign:General > Error:p11_ops.c:131: > 28400:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP > lib:a_sign.c:276: > error in req > OpenSSL> quit > > > in other words: same error. > See > http://www.nikhef.nl/~janjust/feitian/opensc-debug.log-20100520 > for the full log >
For me works the following sequence: # pkcs15-init -E # pkcs15-init --profile pkcs15+onepin -C --label "IDX-SCM" --pin "999999" --puk "888888" # pkcs15-init -G rsa1024 -l "Generated" -a 53434d --pin "999999" -u sign,decrypt # pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot 1 --sign --input-file ./data_128_bytes.bin --output-file ./data.signed You can send here full logs of such session, I'll try to compare. Kind wishes, Viktor. > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel