On 9/15/2011 9:54 AM, Mike Tancsa wrote:
> On 9/14/2011 10:28 PM, Mike Tancsa wrote:
>>
>> I have just run into the same problem on FreeBSD.  An older version
>> works fine with this key below.  How do I create the debug logs to help
>> narrow down this problem?
> 
> 
> Full logs sent directly to Martin
> 
> But things seem to go 'bad' right from the start. Doing a simple -E
> gives errors like below.  Perhaps the version of openct?
> 


OK, I narrowed it down a bit more. It seems the files in
/usr/local/share/opensc have changed.  If I use the files from the older
version it seems to mostly work.

Another thing I am not sure of is that I used to use the --split-key
option and that's no longer there?

pkcs15-init -G rsa/2048 -a 01 --pin $DUMMYPIN --so-pin $DUMMYPIN -u sign,decrypt --split-key


Not sure if it's related to the fact that I cannot use the openssl
pkcs11_engine?

OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem
-subj "/C=CA/ST=ON/L=Hespeler/O=Sentex
Communications/OU=support/CN=mdtancsa-cage64/emailAddress=mdtancsa-cag...@sentex.ca"
engine "pkcs11" set.
Invalid slot number: 0
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
80187:error:26096080:engine routines:ENGINE_load_private_key:failed
loading private
key:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_pkey.c:126:
unable to load Private Key
error in req
OpenSSL>

Nothing really jumps out just yet, but

 pkcs15-id-style    = mozilla;

from the pkcs15.profile

and

 diff -u ../opensc.fresh/cardos.profile cardos.profile
--- ../opensc.fresh/cardos.profile      2011-09-16 13:41:52.000000000 -0400
+++ cardos.profile      2009-05-27 13:46:44.000000000 -0400
@@ -18,7 +18,7 @@
     reference = 1;
 }
 PIN user-pin {
-    attempts   = 3;
+    attempts   = 8;
 }
 PIN user-puk {
     attempts   = 10;
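Review bot: the file order in this diff is reversed relative to the timestamps in its header, so the `+` lines are the 2009 cardos.profile and the `-` lines are the fresh 2011 one; in `PIN user-pin` that means the newer profile lowers `attempts` from 8 to 3. Regenerating it as `diff -u cardos.profile ../opensc.fresh/cardos.profile` would make every hunk read old to new. This hunk changes only a retry counter and nothing in it touches the file layout.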
@@ -34,21 +34,16 @@

            # Prevent unauthorized updates of basic security
            # objects via PUT DATA OCI.
-           # ACL = UPDATE=NEVER;
-           ACL = UPDATE=$SOPIN;
+           ACL                 = UPDATE=NEVER;

            # Bump the size of the EF(PrKDF) - with split
            # keys, we may need a little more room.
            EF PKCS15-PrKDF {
-               size            = 1024;
+               size            = 384;
            }

            EF PKCS15-PuKDF {
-               size            = 768;
-           }
-
-           EF PKCS15-CDF {
-               size            = 1536;
+               size            = 384;
            }

            # This template defines files for keys, certificates etc.
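Review bot: in the newer profile (the `-` side) the ACL here goes from `UPDATE=NEVER` to `UPDATE=$SOPIN` with the old value left behind as a commented-out line, while the comment above it still says the intent is to prevent unauthorized updates via PUT DATA OCI; the comment should say why SO-PIN-authenticated updates are now allowed instead of keeping the old setting as dead text. The same side also raises `EF PKCS15-PrKDF` from 384 to 1024 and `EF PKCS15-PuKDF` from 384 to 768 and adds a 1536-byte `EF PKCS15-CDF`, yet the only comment still explains the PrKDF bump in terms of split keys. A line on what drives the new sizes would help, and it is worth confirming whether a card laid out with the 384-byte files is expected to keep working under the new profile.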
@@ -57,9 +52,11 @@
            # combined with the last octet of the object's pkcs15 id
            # to form a unique file ID.
            template key-domain {
-               BSO private-key {
+               # This is a dummy entry - pkcs15-init insists that
+               # this is present
+               EF private-key {
+                   file-id     = FFFF;
                }
-
                 EF public-key {
                    file-id     = 3003;
                    structure   = transparent;
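Review bot: the `private-key` entry in `template key-domain` changes type between the two files, `BSO private-key` in the newer profile against a dummy `EF private-key` with `file-id = FFFF` in the 2009 one, and unlike the counter and size changes in the earlier hunks this alters how the private key object is declared. The newer side has no comment in place of the removed "dummy entry" explanation; it should state what the BSO entry replaces. Given the report that the older files mostly work, this is the hunk to test first, by swapping only this block between the two profiles.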




-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
