[opensc-devel] OpenSC-0.12.0 and Spanish DNIe

Fri, 10 Sep 2010 08:52:53 -0700 

Sorry for this horrible translation but no time for goodness... 

http://www.kriptopolis.org/opensc-dnie-linux#comment-58005

-----------------------------------------------------------------------
The good news:

Using github Martin's repository, whit recent changes, and providing
correct SM keys:

        git clone git://github.com/martinpaljak/OpenSC.git -b dnie
        cd OpenSC
    ./bootstrap; configure; make; sudo make install

After compiling as usual, we can get this output in Fedora 13:

        [janto...@router ~]$ opensc-tool -i
        opensc 0.12.0-svn [gcc 4.4.4 20100630 (Red Hat 4.4.4-10)]
        Enabled features: zlib readline iconv openssl
        pcsc(libpcsclite.so.1)
        [janto...@router ~]$ pkcs15-tool -c
        Using reader with a card: C3PO LTC31 (10000000) 00 00
        X.509 Certificate [CertAutenticacion]
        Flags : 3
        Authority: no
        Path : 3f0060817004
        ID : 4138363639413238303730354638453230303930353235313033353232
        
        X.509 Certificate [CertFirmaDigital]
        Flags : 3
        Authority: no
        Path : 3f0060817005
        ID : 4638363639413238303730354638453230303930353235313033353232
        
        X.509 Certificate [CertCAIntermediaDGP]
        Flags : 2
        Authority: no
        Path : 3f0060617006
        ID : 5338363639413238303730354638453230303930353235313033353232
        Encoded serial: 02 10 38346ABA656B04B944057F34347BE9AE

This version does not use dynload capabilities. dnie is compiled into
libopensc, so no need to change opensc.conf. Just compile and install

The bad news:

When enabling opensc-pkcs11 in firefox. the program needs too many time
to start. when going to DGP web page for DNI verification, ask for pin
but hangs till message: "sec_error_pkcs11_general_error" appears.

Hung is so big that i need to unplug-plug card reader and restart pcscd

The regular news:

Apparently opensc-pkcs11 seems to work fine. The culprit is (as usual)
Firefox:

        [janto...@router ~]$ pkcs11-tool -L
        Available slots:
        Slot 4294967295 Virtual hotplug slot
        (empty)
        Slot 1 C3PO LTC31 (10000000) 00 00
        token label: DNI electrónico (PIN1)
        token manuf: DGP-FNMT
        token model: PKCS#15
        token flags: rng, login required, PIN initialized, token
        initialized
        serial num : 8669A280705F8E
        Slot 2 C3PO LTC31 (10000000) 00 00
        (empty)
        Slot 3 C3PO LTC31 (10000000) 00 00
        (empty)
        Slot 4 C3PO LTC31 (10000000) 00 00
        (empty)
        [janto...@router ~]$ pkcs11-tool --slot 1 -p MyPasswd -O
        Certificate Object, type = X.509 cert
        label: CertCAIntermediaDGP
        ID: 5338363639413238303730354638453230303930353235313033353232
        Public Key Object; RSA 2048 bits
        label: CertCAIntermediaDGP
        ID: 5338363639413238303730354638453230303930353235313033353232
        Usage: encrypt, verify
        

So thanks to Martin we have got a great progress, but there are still
a lot of work...

-----------------------------------------------------------------------
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to