On 17/02/2011 22:55, Andreas Jellinghaus wrote:

> no, that wiki page is correct and works for me - done it a hundred times.
> it uses the key on the card, and the card does the signature (you cannot
> read the private key, a smart card won't ever give it to you).
Yup. That's why keys are generated on card :)

> so maybe "10" is the wrong key id or something like that?
I generated it with
$ pkcs15-init -G rsa/2048 -a 3 --id 10 -l "Root CA"
and "pkcs15-tool -k" shows, amongst others:
Private RSA Key [Root CA]
         Object Flags   : [0x3], private, modifiable
         Usage          : [0x4], sign
         Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
         ModLength      : 2048
         Key ref        : 8
         Native         : yes
         Path           : 3f0050154b08
         Auth ID        : 03
         ID             : 10

So it seems correct.

*But* if I specify a slot too, it asks me for a PIN. Too bad *none* of 
the PINs I created works:
$ openssl req -days 3650 -new -out rootca.csshl.org.csr -config openssl.conf -engine pkcs11 -keyform engine -key 1:10 -sha1
engine "pkcs11" set.
PKCS#11 token PIN:
Login failed
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
3074688648:error:800050A4:Vendor defined:PKCS11_login:PIN locked:p11_slot.c:157:
3074688648:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:eng_pkey.c:126:
unable to load Private Key

I obviously tried all the PINs (including SOPIN). The strange thing is 
that NO PIN is locked after all the tries I did...

Any hint about where to bang my head?

Tks!

BYtE!
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel