Viktor TARASOV wrote: > Jan Just Keijser wrote: > >> Jean-Michel Pouré - GOOZE wrote: >> >> >>> On Thu, 2010-05-20 at 12:35 +0200, Jan Just Keijser wrote: >>> >>> >>> >>>> At this point I downloaded and built opensc-0.11.13 >>>> >>>> >>>> >>> As explained in the tutorial, you must build OpenSC from SVN version: >>> http://www.gooze.eu/howto/smartcard-quickstarter-guide/installing-from-sources >>> >>> This will fix your problems. >>> >>> >>> >> I just did a >> svn co http://www.opensc-project.org/svn/opensc/trunk opensc >> cd opensc >> ./bootstrap >> ./configure --enable-pcsc --prefix=/user/janjust/local/feitian >> --with-pcsc-provider=/usr/lib64/libpcsclite.so.1 >> make >> make install >> then >> >> $ ./openssl >> OpenSSL> engine dynamic -pre >> SO_PATH:/user/janjust/local/feitian/lib/engine_pkcs11.so -pre ID:pkcs11 >> -pre LIST_ADD:1 -pre LOAD -pre >> MODULE_PATH:/user/janjust/local/feitian/lib/opensc-pkcs11.so >> (dynamic) Dynamic engine loading support >> [Success]: SO_PATH:/user/janjust/local/feitian/lib/engine_pkcs11.so >> [Success]: ID:pkcs11 >> [Success]: LIST_ADD:1 >> [Success]: LOAD >> [Success]: MODULE_PATH:/user/janjust/local/feitian/lib/opensc-pkcs11.so >> Loaded: (pkcs11) pkcs11 engine >> OpenSSL> req -engine pkcs11 -new -key slot_1-id_6606 -keyform engine >> -x509 -out cert.pem -text >> engine "pkcs11" set. >> PKCS#11 token PIN: >> You are about to be asked to enter information that will be incorporated >> into your certificate request. >> What you are about to enter is what is called a Distinguished Name or a DN. >> There are quite a few fields but you can leave some blank >> For some fields there will be a default value, >> If you enter '.', the field will be left blank. >> ----- >> Country Name (2 letter code) [GB]: >> State or Province Name (full name) [Berkshire]: >> Locality Name (eg, city) [Newbury]: >> Organization Name (eg, company) [My Company Ltd]: >> Organizational Unit Name (eg, section) []: >> Common Name (eg, your name or your server's hostname) []: >> Email Address []: >> 28400:error:8000A005:PKCS11 library:PKCS11_rsa_sign:General >> Error:p11_ops.c:131: >> 28400:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP >> lib:a_sign.c:276: >> error in req >> OpenSSL> quit >> >> >> in other words: same error. >> See >> http://www.nikhef.nl/~janjust/feitian/opensc-debug.log-20100520 >> for the full log >> >> > > For me works the following sequence: > > # pkcs15-init -E > # pkcs15-init --profile pkcs15+onepin -C --label "IDX-SCM" --pin > "999999" --puk "888888" > # pkcs15-init -G rsa1024 -l "Generated" -a 53434d --pin "999999" -u > sign,decrypt > # pkcs11-tool --module ./build/lib/opensc-pkcs11.so --slot 1 --sign > --input-file ./data_128_bytes.bin --output-file ./data.signed > > > You can send here full logs of such session, I'll try to compare. > >
I don't have access to the card readers right now but I will try this on tuesday and will report my findings here then. cheers, JJK _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
