Hello, I was trying OpenSC version 0.12.0-svn with Muscle cardlet, in order to verify its compatibility with TLS and client authentication on a web site. Finally I've been able to make an authentication but it's a little bit "tricky",
I found this method completely by chance, the only way to make it work for me was : 1)After loading the cardlet in the card: initialize the card with OpenSC * 0.11.4* (create structure , initialize pin code, create keys, certificate request...) 2)Then get the OpenSC version 0.12.0-svn (or 0.11.13) in order to obtain the PKCS11 driver: "opensc-pkcs11.so" and put it in the browser Firefox( or Iceweasel) concerned Then I can go on the website and the authentication works fine. But if I initialize the card with OpenSC 0.11.13 or 0.12.0-svn , I've got the following errors( see Log1.txt). I've compiled the last Muscle cardlet from Debian svn, with ant using Javacard kit 2.2.2 (with the most options possibles like : -DWITH_EXT_APDU, -DWITH_RSA_2048, -DWITH_JC22, -DWITH_3DES, -DWITH_PIN_POLICY) and I've used an Oberthur cosmo V7 for this tests, btw, the TLS authentication works too with 2048 RSA keys. (I precise that I used OpenSC 0.12.0 from *svn of June*, not the last) (PS: Except the 0.11.13 and 0.12.0-svn versions, I had only the 0.11.4 version on my PCs, but it probably works with other ones) regards, Gilles
// OpenSC 0.11.13 r...@ubuntu:/home/vm/Desktop# pkcs15-init -G RSA -a 1 -v -u sign,decrypt --split-key Using reader with a card: Gemplus GemPC Twin 00 00 Connecting to card in reader Gemplus GemPC Twin 00 00... Using card driver Muscle Card Driver. Found MUSCLE About to generate key. User PIN required. Please enter User PIN: [pkcs15-init] iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=03 [pkcs15-init] muscle.c:558:msc_generate_keypair: returning with: Card command failed [pkcs15-init] card.c:678:sc_card_ctl: returning with: Card command failed [pkcs15-init] pkcs15-muscle.c:272:muscle_generate_key: Unable to generate key [pkcs15-init] pkcs15-muscle.c:273:muscle_generate_key: returning with: Card command failed Failed to generate key: Card command failed //OpenSC 0.12.0-svn debian:/home/admin1/Desktop# pkcs15-init -G RSA -a 1 -v -u sign,decrypt Using reader with a card: Gemplus GemPC Twin 00 00 Connecting to card in reader Gemplus GemPC Twin 00 00... Using card driver MuscleApplet. Found MUSCLE About to generate key. User PIN [User PIN] required. Please enter User PIN [User PIN]: Failed to generate key: Not allowed
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
