On 21/02/2011 14:03, Christian Hohnstaedt wrote: > XCA 0.8.x used the engine_pkcs11. Ok. In Mandriva I had only 0.8.1 rpm.
> In version 0.9.0, I dropped the need of engine_pkcs11 and use the > signing routines of the pkcs11 lib directly. Mainly to support multiple > PKCS11 provider in parallel. > So maybe XCA 0.9.0 will work for you. Removed 0.8.1 from RPM and installed newly compiled 0.9.0. But when I select Token -> Manage Security Token -> "MyEID (Root CA)" (argh! still "slots" at work! so are they "users" in PIN<=>user 1:1 relation? and why can't I have keys not associated w/ a PIN, for low-security needs?) it says: -8<-- The following error occured: (pki_scard:) error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library error:25070067:DSO support routines:DSO_load:could not load the shared library error:260B6084:engine routines:DYNAMIC_LOAD:dso not found (pki_key.cpp:273) -8<-- then says "The token 'MyEID (Root CA)' did not contain any keys or certificates", but the keys are there (cut from pkcs15-tool -D): -8<-- PIN [Root CA] Object Flags : [0x3], private, modifiable ID : 03 Flags : [0x30], initialized, needs-padding Length : min_len:4, max_len:8, stored_len:8 Pad char : 0xFF Reference : 4 Type : ascii-numeric Path : Private RSA Key [Root CA] Object Flags : [0x3], private, modifiable Usage : [0x4], sign Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local ModLength : 2048 Key ref : 8 Native : yes Path : 3f0050154b08 Auth ID : 03 ID : 10 Private RSA Key [Intermediate CA 1] Object Flags : [0x3], private, modifiable Usage : [0x4], sign Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local ModLength : 1024 Key ref : 9 Native : yes Path : 3f0050154b09 Auth ID : 02 ID : 20 Private RSA Key [Intermediate CA 2] Object Flags : [0x3], private, modifiable Usage : [0x4], sign Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local ModLength : 1024 Key ref : 10 Native : yes Path : 3f0050154b0a Auth ID : 01 ID : 20 Public RSA Key [Root CA] Object Flags : [0x2], modifiable Usage : [0x4], sign Access Flags : [0x0] ModLength : 2048 Key ref : 0 Native : no Path : 3f0050155503 ID : 10 Public RSA Key [Intermediate CA 1] Object Flags : [0x2], modifiable Usage : [0x4], sign Access Flags : [0x0] ModLength : 1024 Key ref : 0 Native : no Path : 3f0050155504 ID : 20 Public RSA Key [Intermediate CA 2] Object Flags : [0x2], modifiable Usage : [0x4], sign Access Flags : [0x0] ModLength : 1024 Key ref : 0 Native : no Path : 3f0050155505 ID : 20 -8<-- [Note that's the same card I used to test the "multiple keys w/ same id" issue: the two intermediate CAs have ID 20] Doing an strace and grepping for '.so' all I see is: -8<-- open("/usr/lib/opensc-pkcs11.so", O_RDONLY) = 15 open("/etc/ld.so.cache", O_RDONLY) = 15 open("/usr/lib/libopensc.so.3", O_RDONLY) = 15 access("/lib/libpcsclite.so.1", R_OK) = -1 ENOENT (No such file or directory) access("/usr/lib/libpcsclite.so.1", R_OK) = 0 open("/usr/lib/libpcsclite.so.1", O_RDONLY) = 15 open("/etc/ld.so.cache", O_RDONLY) = 19 open("/lib/i686/libgost.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/lib/libgost.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/sse2/libgost.so", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/libgost.so", O_RDONLY) = -1 ENOENT (No such file or directory) -8<-- Can't find any "gost" package, except perl-Crypt-GOST, that I think it's not useful. BYtE, Diego. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel