The problem around the ID 01 was solved by downloading opensc 12.2 src-code to openSuSE 11.3 and compiling. It doesn't always work with compile, better to get it through the RPM-packages. The change was discovered downloading openSuSE 12.1 having the opensc 12.2 as RPM. The opensc 11.3 and 12.0 would not do as to the problem described above.
Conclusion: It is now possible to sign by the smartcard with both keys in the slot, the sign/encrypt key and the Non-Repud key

- S-

SiSt wrote:
>
> - I hope that this question falls within the boundaries of opensc: -
> Trying to sign with the means of a smartcard.
> Only 1 Slot is used on the card, rest are empty.
> Slot 1 contains 2 certs:
> 1. X509v3 Key Usage: critical
>    Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
> 2. X509v3 Key Usage: critical
>    Non Repudiation
>
> The request from receiver is to sign with Non-Repud.
>
> What pkcs11-tool does is that it chooses ONLY the key/cert defined as
> "critical digital signature", even if I choose a different ID. The program
> will not take into consideration that I am changing ID from 00 to 01. I
> don't even have to apply ID, but I have to apply correct slot. Here is the
> command line:
> pkcs11-tool --login --sign --slot-label BEID --slot 1 --id 01 --module /usr/lib/libiidp11.so.5.6.0.44 -m SHA1-RSA-PKCS -v -i $1 -o $2
>
> I take into consideration that signing with Non-Repud is formally
> incorrect, but this I do not know anything about, and that pkcs11-tool
> automatically chooses the "correct" ID.
> A question is of course if I am setting the command line up correctly with
> all the switches necessary to achieve my goal. - In case I will regret;
> could anybody in case tell me how to do it?
>
> S
>

--
View this message in context: http://old.nabble.com/Why-pkcs11-tool-do-not-chose-signing-with-certs-classified-as-Non-Repud-tp32951305p32997562.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
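
Added example (not part of the original thread, and not OpenSC code): a check for whether `--id` was actually honoured, by testing a SHA1-RSA-PKCS signature against the public key of each certificate. The function names, file names and the throwaway software keys standing in for the two card keys are assumptions made for the demonstration.

```shell
#!/bin/sh
# Which of two keys produced this signature? SHA1-RSA-PKCS corresponds to
# RSA PKCS#1 v1.5 over a SHA-1 digest, which "openssl dgst -sha1" verifies.

# which_key_signed DATA SIG PUB_00 PUB_01 -> prints "00", "01" or "none"
which_key_signed() {
    data=$1; sig=$2
    for pair in "00:$3" "01:$4"; do
        id=${pair%%:*}; pub=${pair#*:}
        # Verification succeeds only for the key that made the signature
        if openssl dgst -sha1 -verify "$pub" -signature "$sig" "$data" >/dev/null 2>&1; then
            echo "$id"; return 0
        fi
    done
    echo none; return 1
}

# demo ID: constructed software keys stand in for the two card keys;
# the "card" signs with key ID ($1) and the check reports which key it was.
demo() {
    tmp=$(mktemp -d) || return 1
    for id in 00 01; do
        openssl genrsa -out "$tmp/key$id.pem" 2048 2>/dev/null
        openssl rsa -in "$tmp/key$id.pem" -pubout -out "$tmp/pub$id.pem" 2>/dev/null
    done
    printf 'constructed test document\n' > "$tmp/doc.txt"
    openssl dgst -sha1 -sign "$tmp/key$1.pem" -out "$tmp/doc.sig" "$tmp/doc.txt"
    which_key_signed "$tmp/doc.txt" "$tmp/doc.sig" "$tmp/pub00.pem" "$tmp/pub01.pem"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

With a real card, the public keys come from the two certificates (`openssl x509 -in cert.pem -pubkey -noout`), and a result of "00" for a signature requested with `--id 01` reproduces the behaviour described in the thread.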
