On 23/02/2011 21:19, Martin Paljak wrote:

>> -8<--
>> $ ssh otheruser@myhost
>> Enter PIN for 'MyEID (User Auth)':
>> C_Sign failed: 257
> This means: #define CKR_USER_NOT_LOGGED_IN                    (0x101UL)
> Having the OpenSC debug.log would be useful, to see whether the right PIN is
> verified beforehand, as it should be.
I tried to simplify: I added an UNPROTECTED (--insecure) key, just to
test. That's the one whose public key I loaded on the server.
The script used to initialise the card is attached (it may be useful
to others).

The log is available at:
http://www.csshl.org/EXTRA_FILES/opensc-debug.log.err.gz

>> After that, I often find the card unresponsive after that error:
That's probably related. Before flooding with logs, better to have the
most basic part working :) That might fix this too (as usually happens
when programming in C)...

BYtE,
 Diego.
#!/bin/bash

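# PIN/PUK values used while initialising the card.
# The defaults below are trivially guessable placeholders meant for a test
# card only. Each one can be overridden from the environment, so that a card
# holding real keys is never initialised with the values published here.
SOPIN=${SOPIN:-9999}          # security officer PIN
SOPUK=${SOPUK:-99999999}      # security officer PUK
PIN1=${PIN1:-1111}            # auth ID 1
PUK1=${PUK1:-11111111}
PIN2=${PIN2:-2222}            # auth ID 2
PUK2=${PUK2:-22222222}
PIN3=${PIN3:-3333}            # auth IDs 3, 4 and 5
PUK3=${PUK3:-33333333}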

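# Load a PKCS#12 bundle (key and certificate) onto the card.
# Globals:   PIN1 (read)
# Arguments: $1 - base name of the .p12 file, also used as the object label
#            $2 - passphrase protecting the PKCS#12 file
# Outputs:   a progress line on stdout, plus whatever pkcs15-init prints
#
# NOTE(review): the passphrase and the PIN are passed as command-line
# arguments, so they are visible in the process list while pkcs15-init runs.
# NOTE(review): the auth ID is fixed at 2 while the PIN passed is PIN1;
# confirm this is the PIN the card expects for that auth object.
function loadcert {
    echo "Loading cert for $1"
    # The mail archive had wrapped this command after "--pin", which left the
    # option without a value and ran the PIN itself as a separate command.
    pkcs15-init -S "$1.p12" -f PKCS12 --passphrase "$2" -v -a 2 -l "$1" \
        --pin "$PIN1"
}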

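# Generate a new RSA key on the card and print its SSH public key.
# Globals:   PIN1 (read)
# Arguments: $1 - PIN number (auth ID) protecting the key; 0 or empty = no PIN
#            $2 - key ID
#            $3 - label
# Outputs:   a progress line, then the last line printed by
#            `pkcs15-tool --read-ssh-key` followed by the label
#
# NOTE(review): PIN1 is passed to pkcs15-init whatever auth ID is requested
# in $1; confirm this is the PIN the card expects for that auth object.
function genkey {
    local size=2048
    local -a auth
    local keyuse k

    echo "Generating key '$3' - ID=$2 size=$size"
    # The previous test was [ -z '$1' ]: inside single quotes $1 is a literal
    # string, never empty, so the --insecure branch could not be reached and
    # a key meant to be unprotected was created with "-a 0" instead.
    if [[ -z "$1" || "$1" == 0 ]]; then
        # Key usable without PIN verification: for testing only.
        auth=(--insecure)
    else
        auth=(-a "$1")
    fi
    # Maybe only a subset is needed, but for now I'll enable all uses
    keyuse=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign

    pkcs15-init -G "rsa/$size" "${auth[@]}" --id "$2" -u "$keyuse" -l "$3" \
        --pin "$PIN1"
    # Errors from pkcs15-tool are discarded, so a failed read yields a line
    # holding only the label.
    k=$(pkcs15-tool --read-ssh-key "$2" 2>/dev/null | tail -n 1)
    echo "$k $3"
}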

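# Erase the card, create the PKCS#15 structure, store one PIN object per
# auth ID, then finalize. This wipes whatever the card held before.
# NOTE(review): no step checks its exit status, so a failure part-way
# through still runs the remaining commands against the card.
pkcs15-init -E -l "NdK card"
# NOTE(review): PIN and PUK are the literal 1111 here rather than one of the
# variables defined at the top of the script; confirm that is intended.
pkcs15-init -C --pin 1111 --puk 1111 --so-pin "$SOPIN" --so-puk "$SOPUK"
pkcs15-init -P -a 1 --pin "$PIN1" --puk "$PUK1" --so-pin "$SOPIN" -l "Card Auth"
pkcs15-init -P -a 2 --pin "$PIN2" --puk "$PUK2" --so-pin "$SOPIN" -l "User Auth"
pkcs15-init -P -a 3 --pin "$PIN3" --puk "$PUK3" --so-pin "$SOPIN" -l "Root CA"
# The two labels below had been wrapped by the mail archive, which put a
# trailing space and a newline inside the quoted label.
pkcs15-init -P -a 4 --pin "$PIN3" --puk "$PUK3" --so-pin "$SOPIN" \
    -l "Intermediate CA 1"
pkcs15-init -P -a 5 --pin "$PIN3" --puk "$PUK3" --so-pin "$SOPIN" \
    -l "Intermediate CA 2"
pkcs15-init -F

# First it's better to put SSH keys
genkey 2 1000 "ndk"
# PIN number 0 is documented by genkey as "no PIN": a test key only.
genkey 0 1001 "da-tecnici"

# Import certs
#loadcert certfile privkeypass

# Generate other keys
#genkey 3 10 "Root CA"
#genkey 2 20 "Intermediate CA 1"
#genkey 1 21 "Intermediate CA 2"

#addcert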