Hello, On Aug 24, 2010, at 10:09 AM, Patrik Martinsson wrote: > Question #1, > > Try pkcs11_inspect. > $ pkcs11_inspect > [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Instruction code not supported > or invalid > [opensc-pkcs11] card.c:588:sc_get_challenge: returning with: Unsupported INS > byte in APDU > PIN for token: xxxx > Printing data for mapper cn: > username > > Works like a charm, however it gives me those two lines which is a bit > worrying/annoying. > What do they mean and is there anything i can do to fix them ? card-setcos.c does not override iso7816.get_challenge, but the card rejects the ISO version. This results in C_GenerateRandom() failing, but I guess pkcs11_inspect will then just use some other random source. OpenSC SVN/0.12+ will not output such internal errors to stderr by default, so you'll not see it in future versions.
If everything is working fine, there's nothing to worry about. If not, then it can be fixed by implementing a proper GET CHALLENGE method in card-setcos.c. If you can sniff the correct APDU for this (or if you have the manual) would be great. Or something in pkcs11_inspect should be fixed to not depend on the smart card module C_GenerateRandom(). > Question #2, > I'm trying to use opensc-pkcs11.so together with gdm-plugin-smartcard. > > That one is failing telling me, "assertion 'slot_id >= 1' failed", obviously > slot_id should be >= than 1, but it isn't and I'm not sure why. That assertion seems to come from something else than OpenSC. Where can the source code of the gdm-plugin-smartcard be downloaded? I suspect the assert is erroneous, as from the PKCS#11 spec: """ A priori, any value of CK_SLOT_ID can be a valid slot identifier—in particular, a system may have a slot identified by the value 0. It need not have such a slot, however. """ Cheers, -- Martin Paljak @martinpaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
