>> pkcs15-tool -r 1f645352 | grep -v '\-' | base64 -d
> Nope! It does not work even if I add the '-i' option on base64 - it
> generates more data - the resulting file is larger than the key
> itself. Key size is 256 bytes, output (encoded) is 384 bytes.
Got it working in pkcs15-tool as well,
> pkcs15-tool -r 1f645352 | grep -v '\-' | base64 -d
>
Nope! It does not work even if I add the '-i' option on base64 - it
generates more data - the resulting file is larger than the key itself.
Key size is 256 bytes, output (encoded) is 384 bytes.
___
> I think you would have been done by now if you did.
>
> How OpenSC and/or OpenCT works is not actually required to use the
> p11 module, but of course it is quite useful background information.
>
> From your descriptions I think you only need very basic things from
> p11, which you should be abl
On Mon, 2010-11-01 at 23:53 +, Mr Dash Four wrote:
> >> As an aside question: when I create a data token I could specify
> >> "--auth-id" (I normally chose "--auth-id=01" if I need that data token
> >> to be private), which, to me, implies that I could register more than
> >> one "auth-id".
>>
>> Compare output of "pkcs15-tool -D" and "pkcs11-tool -L".
>>
> I wonder if I create a different pin (say auth-id=02), then store a
> different data object with this auth-id (02) and check to see whether
> pkcs11-tool would ask me for the right pin (auth-id=02) in order to
> read the dat
Mr Dash Four wrote:
> I would have done it ages ago if: 1) I had enough knowledge of how
> OpenSC/OpenCT works (or have enough time on my hands to acquire such
> knowledge - which I don't by the way);
I think you would have been done by now if you did.
How OpenSC and/or OpenCT works is not actu
> How about writing a tool which interfaces directly with a p11 module,
> rather than being stuck with the particular things pkcs11-tool can
> do.
>
I would have done it ages ago if: 1) I had enough knowledge of how
OpenSC/OpenCT works (or have enough time on my hands to acquire such
knowledg
>> As an aside question: when I create a data token I could specify
>> "--auth-id" (I normally chose "--auth-id=01" if I need that data token
>> to be private), which, to me, implies that I could register more than
>> one "auth-id".
>>
>
> Do you use auth-id with pkcs15-init? If true, then
Mr Dash Four wrote:
> I have to think about what other/better alternatives I have as
> executing "pkcs11-tool -O" and filtering the output seems to me a
> bit clumsy.
How about writing a tool which interfaces directly with a p11 module,
rather than being stuck with the particular things pkcs11-too
On Mon, 2010-11-01 at 21:35 +, Mr Dash Four wrote:
> > It's completely hidden, for sure. Without login, you cant decided, if
> > there are private objects on the token or not.
> >
> True, after testing it earlier there is nothing there to see - it is as
> if the token does not exist (rightl
> It's completely hidden, for sure. Without login, you cant decided, if
> there are private objects on the token or not.
>
True, after testing it earlier there is nothing there to see - it is as
if the token does not exist (rightly so, I think).
>> I have to think about what other/better alt
On Mon, 2010-11-01 at 17:43 +, Mr Dash Four wrote:
> Many thanks for your input Andre! Comments below:
>
> >> Right, so I presume if I want to see whether a login is required I still
> >> have to use "pkcs11-tool -O" and check whether the object I am
> >> interested in is shown (and its 'pri
Many thanks for your input Andre! Comments below:
>> Right, so I presume if I want to see whether a login is required I still
>> have to use "pkcs11-tool -O" and check whether the object I am
>> interested in is shown (and its 'private' flag is set). Is there another
>> (more straight-forward)
On Mon, 2010-11-01 at 15:44 +, Mr Dash Four wrote:
> > No. It forces a login, if -l is specified (even if login is NOT required).
> >
> Right, so I presume if I want to see whether a login is required I still
> have to use "pkcs11-tool -O" and check whether the object I am
> interested in
Fixed in r4852. While working on adding ECC, one line got
into other changes that where expecting 4 additional fields
in the sc_cardctl_piv_genkey_info_st. The code is only used
when generating a keypair on the PIV card, and only when OpenSSL
in enabled.
On 10/31/2010 2:50 PM, Juan Antonio Martine
> No. It forces a login, if -l is specified (even if login is NOT required).
>
Right, so I presume if I want to see whether a login is required I still
have to use "pkcs11-tool -O" and check whether the object I am
interested in is shown (and its 'private' flag is set). Is there another
(mor
On Mon, 2010-11-01 at 15:27 +, Mr Dash Four wrote:
> > the attached patch fixes #220. Now the login function does what its name
> > promises. If user-login is not desired, then simply don't call login()!
> >
> Am I right in assuming that the patch attached 'automatically'
> determines wheth
> the attached patch fixes #220. Now the login function does what its name
> promises. If user-login is not desired, then simply don't call login()!
>
Am I right in assuming that the patch attached 'automatically'
determines whether a login is required (even if "-l" and/or "--pin"
options are
Dear Friends,
Here is a short feedback from the Debian mini-conference in Paris,
which was held on Saturday 31 October 2010 :
* Ludovic Rousseau made an interesting talk on Smart cards in Debian.
This was a great talk, we learnt many things about smartcards.
He will publish his slides on his w
19 matches
Mail list logo
