Did you try to specify the -i parameter when importing certificates?

pkcs15-init --store-certificate cert.pem -v -i 45

where i is the key_id? I didn't try with multiple certs actually, but that's how I imported certificates assigning them to a key.

See http://blog.ejbca.org/2010/03/using-pure-opensc-formatted-smart-cards.html

Cheers,
Tomas

On 02/12/2011 01:11 AM, NdK wrote:
> Hi all.
>
> I'm using a MyEID card (got a pack of 5 to test) on a GemPlus USB-SW
> reader. OpenSC is 0.12, from Mandriva Cooker (2011alpha) packages.
> If I init the card and load a single certificate (actually the one I use
> to authenticate on StartSSL.com) it's OK.
> I can even generate a 2048 bit key pair for SSH, and it works OK (but I
> have to specify "-u decrypt,sign" to make it work).
>
> Problems start when I try to load another cert (I have 3 more, for
> different mail addresses; all certs are from StartSSL): it says
> Failed to store private key: File too small
>
> I thought there was not enough space in some file and tried to modify
> files sizes in profile (failing every time... maybe 'cause I don't know
> the meaning of those parameters). Then I tried generating some more
> keys: no problem w/ 4x2048bit+2x1024bit... So I think there's enough
> space...
>
> Then I tried converting certs to PEM format and load'em w/
> pkcs15-init -a 2 -S $CERTNAME.pem --cert-label $CERTNAME
> pkcs15-init -X $CERTNAME.pem -l $CERTNAME
> (tried in reverse order too, and w/ --cert-label when using -X) and all
> certs get loaded. But seems private keys aren't "associated" to the
> cert. And Firefox and Thunderbird can't see 'em...
>
> Another strangeness is that when adding keypairs or certificates I'm
> asked to enter CHV1, not SOPIN or the PIN I'm asking to use. For example
> pkcs15-init -G rsa/2048 -a 2 -u decrypt,sign -l SSH
> asks for CHV1, *not* CHV2 or SOPIN!
>
> Another doubt: what are "slots"? Seems for "pkcs11-tool -L" they're the
> PINs, but for text in opensc.conf it seems they're related to the max
> number of storable keys...
>
> Tks!
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
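A check for the key/certificate association discussed in this thread, as an added example that is not part of the original messages: it lists certificates whose ID matches no private key ID. The function names `sample_dump` and `unpaired_certs` are hypothetical, the sample text is constructed, and its layout is assumed to match `pkcs15-tool --dump` output.

```shell
#!/bin/sh
# List certificates on a PKCS#15 card whose ID matches no private key ID.
# Input is text laid out like `pkcs15-tool --dump` output (layout assumed).

# Constructed sample: keys with IDs 45 and 46, certificates with 45, 46, 47.
sample_dump() {
cat <<'EOF'
PIN [User PIN]
    ID             : 01

Private RSA Key [SSH]
    Auth ID        : 01
    ID             : 45

Private RSA Key [mail1]
    Auth ID        : 01
    ID             : 46

X.509 Certificate [startssl-auth]
    ID             : 45

X.509 Certificate [mail1]
    ID             : 46

X.509 Certificate [mail2]
    ID             : 47
EOF
}

# Prints "<cert label> <id>" for each certificate lacking a same-ID key.
# IDs are collected first, so the order of objects in the dump is irrelevant.
unpaired_certs() {
    awk '
        /^Private RSA Key/    { kind = "key"; next }
        /^X\.509 Certificate/ { kind = "cert"
                                s = index($0, "["); e = index($0, "]")
                                label = substr($0, s + 1, e - s - 1); next }
        /^[^ \t]/             { kind = ""; next }   # PINs, public keys, etc.
        /^[ \t]+ID[ \t]*:/    {                     # skips "Auth ID" lines
            if (kind == "key")  haskey[$NF] = 1
            if (kind == "cert") { n++; cid[n] = $NF; clabel[n] = label }
        }
        END { for (i = 1; i <= n; i++) if (!(cid[i] in haskey)) print clabel[i], cid[i] }
    '
}

sample_dump | unpaired_certs   # prints: mail2 47
```

On a real card, pipe `pkcs15-tool --dump` into `unpaired_certs` instead of the sample.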