On 18/02/2011 10:54, NdK wrote: >>> *But* if I specify a slot too, it asks me for a PIN. Too bad *none* of >>> the PINs I created works: >>> $ openssl req -days 3650 -new -out rootca.csshl.org.csr -config >>> openssl.conf -engine pkcs11 -keyform engine -key 1:10 -sha1 Today openssl refusess to load engine from config (auto-upgraded to openssl-1.0.0a)... Already seen some old topics in list :( But, at least, using "interactive" mode seems to work.
>> Have you tried some other format? slot_XX:id_XX ? (even though it should be >> the same). Having OpenSC log with the relevant C_OpenSession() and C_Login >> lines is useful as well. > Yup. All formats. Same result: slot 0 = no PIN, every other slot asks > 'who knows' PIN. Finally found by trial & error (after unlocking the PINs). In my case slot is 3 and ID is 10. So is slot the PIN# needed to unlock the key? But in that case, why isn't it auto-detected? > Using opensc-explorer, I could see that now I have a locked PIN (the #2). > But "pkcs15-tool -u" gives me a strange prompt: > Enter PUK [Security Officer PIN]: > Enter new PIN [Security Officer PIN]: > Enter new PIN again [Security Officer PIN]: > > So does it need PUK for CHV2, SOPIN or what else? Luckily this card is > just a "test" one, but I'd like *not* having to reformat it... 4 tries > left... Now "fixed" by using opensc-explorer, so I still have a working card. But can do some more tests if needed. BYtE! _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel