Viktor TARASOV wrote:
Aventra development wrote:
pkcs11-tool works, but pkcs#11 module does not when using Firefox).
Other problems with firefox is that certificate enrollment does not
work when using the pkcs#11 module, e.g. when using this site:
pkitest.gdm.de/starsign
Actually in MyEID profile some operations that should be executed
during the card enrollment are protected
by SOPIN.
It's rather difficult to supply SOPIN for PKCS#11 module inside the
User session.
Here is patch with the working version of MyEID profile.
Not all changes in this patch are justified, but it can be tuned later.
There is also the problem of 'Multiple ACLs'
http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014803.html
Here is also the patch that allows (in a temporary manner) to pass-by
the problem of 'Multiple ACLs'.
With these two patchs I can import pkcs12 with Firefox in Windows.
PIN change/unblock with pkcs15-tool also 'working for me'.
Finally 'Multiple ACLs' do not concerns your card,
is you would make some changes to the ACLs of the xDF files in your card
profile.
Here is the 'diff' to your profile, that works for me with opensc-pkcs11
& Firefox on Windows.
Kind wishes,
Viktor.
Index: src/pkcs15init/myeid.profile
===================================================================
--- src/pkcs15init/myeid.profile (révision 4714)
+++ src/pkcs15init/myeid.profile (copie de travail)
@@ -92,13 +92,13 @@
DF PKCS15-AppDF {
type = DF;
file-id = 5015;
- acl = DELETE=NONE, CREATE=$SOPIN;
+ acl = DELETE=NONE, CREATE=$PIN;
EF PKCS15-ODF {
file-id = 5031;
structure = transparent;
size = $odf-size;
- acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-TokenInfo {
@@ -118,53 +118,53 @@
file-id = 4401;
structure = transparent;
size = $aodf-size;
- acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$SOPIN,
DELETE=$SOPIN;
}
EF PKCS15-PrKDF {
file-id = 4402;
structure = transparent;
size = $prkdf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-PuKDF {
file-id = 4403;
structure = transparent;
size = $pukdf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-CDF {
file-id = 4404;
structure = transparent;
size = $cdf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF PKCS15-DODF {
file-id = 4405;
structure = transparent;
size = $dodf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
EF template-private-key {
type = internal-ef;
file-id = 4B01;
- acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
}
EF template-public-key {
structure = transparent;
file-id = 5501;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
}
EF template-certificate {
file-id = 4301;
structure = transparent;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
template key-domain {
@@ -173,19 +173,19 @@
EF private-key {
file-id = 4B00;
type = internal-ef;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN,
DELETE=$SOPIN, GENERATE=$PIN;
}
EF public-key {
file-id = 5500;
structure = transparent;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN,
DELETE=$SOPIN, GENERATE=$PIN;
}
# Certificate template
EF certificate {
file-id = 4300;
structure = transparent;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
}
}
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
