On 9/28/2011 3:07 AM, Stef Walter wrote:
> On 09/28/2011 08:11 AM, Jean-Michel Pouré - GOOZE wrote:
>>> However I was surprised by getting back CKR_FUNCTION_NOT_SUPPORTED when
>>> calling the PKCS#11 C_CreateObject method. It looks like the Entersafe
>>> driver doesn't support write operations. Am I misreading something? In
>>> card-entersafe.c in the sc_get_driver() function it sets both
>>> ops.write_binary and ops.delete_file to NULL.
>>
>> Dear Stef,
>>
>> No support of delete operations is normal, it is a security measure to
>> ensure that an object cannot be overwritten by an attacker.
>>
>> But PKCS#11 C interface should support writing objects. For example,
>> Firefox manager allows importing of entersafe objects using PKCS#11.
>
> I found the source of the problem. We first have to perform
> C_CreateObject for the CKO_PRIVATE_KEY and then running C_CreateObject
> for a matching certificate will work.
>
> Is this fragility necessary, or is it something that we should try to
> fix in opensc?

It's not an OpenSC issue. You can have PKCS#11 private key objects
independent of any cert objects. So the PKCS#11 caller needs to do two
operations.

>
> Cheers,
>
> Stef
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444