On 21/02/2011 14:03, Christian Hohnstaedt wrote:
> XCA 0.8.x used the engine_pkcs11.
Ok. In Mandriva I had only 0.8.1 rpm.
> In version 0.9.0, I dropped the need of engine_pkcs11 and use the
> signing routines of the pkcs11 lib directly. Mainly to support multiple
> PKCS11 provider in parallel.
> So maybe XCA 0.9.0 will work for you.
Removed 0.8.1 from RPM and installed newly compiled 0.9.0. But when I
select Token -> Manage Security Token -> "MyEID (Root CA)" (argh! still
"slots" at work! so are they "users" in PIN<=>user 1:1 relation? and why
can't I have keys not associated w/ a PIN, for low-security needs?) it says:
-8<--
The following error occured:
(pki_scard:)
error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared
library
error:25070067:DSO support routines:DSO_load:could not load the shared
library
error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
(pki_key.cpp:273)
-8<--
then says "The token 'MyEID (Root CA)' did not contain any keys or
certificates", but the keys are there (cut from pkcs15-tool -D):
-8<--
PIN [Root CA]
Object Flags : [0x3], private, modifiable
ID : 03
Flags : [0x30], initialized, needs-padding
Length : min_len:4, max_len:8, stored_len:8
Pad char : 0xFF
Reference : 4
Type : ascii-numeric
Path :
Private RSA Key [Root CA]
Object Flags : [0x3], private, modifiable
Usage : [0x4], sign
Access Flags : [0x1D], sensitive, alwaysSensitive,
neverExtract, local
ModLength : 2048
Key ref : 8
Native : yes
Path : 3f0050154b08
Auth ID : 03
ID : 10
Private RSA Key [Intermediate CA 1]
Object Flags : [0x3], private, modifiable
Usage : [0x4], sign
Access Flags : [0x1D], sensitive, alwaysSensitive,
neverExtract, local
ModLength : 1024
Key ref : 9
Native : yes
Path : 3f0050154b09
Auth ID : 02
ID : 20
Private RSA Key [Intermediate CA 2]
Object Flags : [0x3], private, modifiable
Usage : [0x4], sign
Access Flags : [0x1D], sensitive, alwaysSensitive,
neverExtract, local
ModLength : 1024
Key ref : 10
Native : yes
Path : 3f0050154b0a
Auth ID : 01
ID : 20
Public RSA Key [Root CA]
Object Flags : [0x2], modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 2048
Key ref : 0
Native : no
Path : 3f0050155503
ID : 10
Public RSA Key [Intermediate CA 1]
Object Flags : [0x2], modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 1024
Key ref : 0
Native : no
Path : 3f0050155504
ID : 20
Public RSA Key [Intermediate CA 2]
Object Flags : [0x2], modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 1024
Key ref : 0
Native : no
Path : 3f0050155505
ID : 20
-8<--
[Note that's the same card I used to test the "multiple keys w/ same id"
issue: the two intermediate CAs have ID 20]
Doing an strace and grepping for '.so' all I see is:
-8<--
open("/usr/lib/opensc-pkcs11.so", O_RDONLY) = 15
open("/etc/ld.so.cache", O_RDONLY) = 15
open("/usr/lib/libopensc.so.3", O_RDONLY) = 15
access("/lib/libpcsclite.so.1", R_OK) = -1 ENOENT (No such file or
directory)
access("/usr/lib/libpcsclite.so.1", R_OK) = 0
open("/usr/lib/libpcsclite.so.1", O_RDONLY) = 15
open("/etc/ld.so.cache", O_RDONLY) = 19
open("/lib/i686/libgost.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/libgost.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/sse2/libgost.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/libgost.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
-8<--
Can't find any "gost" package, except perl-Crypt-GOST, that I think it's
not useful.
BYtE,
Diego.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
