Andreas Jellinghaus wrote:
> Hi,
>
> maybe I can find some time to at least put out some new releases
> of everything (that has changes). is this a good idea?
>
> are there any patches waiting for a merge?
> and show-stopper bugs we should fix before (or patched to undo
> if they don't work ok right now)?
>

I tried to compile latest bits from svn and check how it works with rutoken
i get "error: PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)"
then i tried to write back signed cert

steps:

1) format card

$ pkcs15-init -E -p rutoken
Using reader with a card: ruToken driver

2) generate key pair

$ pkcs11-tool --keypairgen --key-type rsa:2048 --login --label "user" --id 1
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
  label: user
  ID: 01
  Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label: user
  ID: 01
  Usage: encrypt, verify, wrap

3) generate csr and sign it

$ openssl req -engine pkcs11 -keyform engine -key 1 -new -text -out newcert.csr -subj "/CN=User"
engine "pkcs11" set.
PKCS#11 token PIN:
$ openssl x509 -req -days 365 -in newcert.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out newcert.crt
Signature ok
subject=/CN=User
Getting CA Private Key
$ openssl x509 -in newcert.crt -outform der -out newcert.der

4) try to write it back

$ pkcs11-tool -w newcert.der --type cert --login --label "user" --id 1
Please enter User PIN:
error: PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)
Aborting.

last step with debug output:

[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_TOKEN = TRUE
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_VALUE = 308203DA308201C2020101300D06092A864886F70D01010505003057310B3009
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_CLASS = CKO_CERTIFICATE
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_CERTIFICATE_TYPE = CKC_X_509
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_LABEL = user
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_ID = 01
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_SUBJECT = 300F310D300B0603550403130455736572
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_ISSUER = 3057310B3009060355040613025255311330110603550408130A536F6D652D53
[opensc-pkcs11] pkcs11-object.c:43:C_CreateObject: C_CreateObject(): CKA_SERIAL_NUMBER = 020101
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] reader-openct.c:420:openct_reader_lock: called
[opensc-pkcs11] card.c:668:sc_card_ctl: called
[opensc-pkcs11] card-rutoken.c:1389:rutoken_card_ctl: called
[opensc-pkcs11] card-rutoken.c:1435:rutoken_card_ctl: SC_CARDCTL_LIFECYCLE_SET not supported
[opensc-pkcs11] card-rutoken.c:1436:rutoken_card_ctl: returning SC_ERROR_NOT_SUPPORTED
[opensc-pkcs11] card.c:675:sc_card_ctl: card_ctl(4) not supported
[opensc-pkcs11] card.c:532:sc_select_file: called; type=2, path=3f0050154946
[opensc-pkcs11] card-rutoken.c:383:rutoken_select_file: called
[opensc-pkcs11] card-rutoken.c:391:rutoken_select_file: path = 3f 00 50 15 49 46 type = 2
[opensc-pkcs11] apdu.c:516:sc_transmit_apdu: called
[opensc-pkcs11] card.c:285:sc_lock: called
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] card-rutoken.c:220:rutoken_check_sw: File (DO) not found
[opensc-pkcs11] card-rutoken.c:221:rutoken_check_sw: sw1 = 6a, sw2 = 82
[opensc-pkcs11] card-rutoken.c:469:rutoken_select_file: returning with: -1201
[opensc-pkcs11] card.c:554:sc_select_file: returning with: -1201
[opensc-pkcs11] profile.c:317:sc_profile_load: Trying profile file /usr/share/opensc/pkcs15.profile
[opensc-pkcs11] profile.c:325:sc_profile_load: profile /usr/share/opensc/pkcs15.profile loaded ok
[opensc-pkcs11] profile.c:317:sc_profile_load: Trying profile file /usr/share/opensc/rutoken.profile
[opensc-pkcs11] profile.c:325:sc_profile_load: profile /usr/share/opensc/rutoken.profile loaded ok
[opensc-pkcs11] card.c:312:sc_unlock: called
[opensc-pkcs11] reader-openct.c:447:openct_reader_unlock: called
error: PKCS11 function C_CreateObject failed: rv = CKR_ATTRIBUTE_VALUE_INVALID (0x13)

Any idea?

--
Pavel
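
Added example, not part of the original message and not OpenSC code: the CKA_SUBJECT and CKA_SERIAL_NUMBER values in the debug output above are DER, and this Python reader decodes the two values the log prints in full so they can be compared with the "/CN=User" subject and "-set_serial 01" used in step 3. All function names are hypothetical; long-form lengths are handled as well, which goes slightly beyond what these two short values need.

```python
# Added example (not OpenSC code): minimal DER reader; function names are hypothetical.
SUBJECT = bytes.fromhex("300F310D300B0603550403130455736572")  # CKA_SUBJECT from the log
SERIAL = bytes.fromhex("020101")                               # CKA_SERIAL_NUMBER from the log

def read_tlv(buf, pos=0):  # returns (tag, value, next_pos) for the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):  # 0x80 alone is indefinite length, not DER
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yields the (tag, value) members of a constructed element
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def top(der, want):  # content of the sole top-level element, which must carry tag `want`
    tag, val, end = read_tlv(der)
    if tag != want or end != len(der):
        raise ValueError("expected one element with tag 0x%02X" % want)
    return val

def decode_oid(val):  # OBJECT IDENTIFIER content bytes -> dotted notation
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends one base-128 arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)         # first arc value packs the two leading arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def decode_name(der):  # X.501 Name -> list of (oid, text) pairs
    pairs = []
    for _, rdn in children(top(der, 0x30)):   # SEQUENCE of RDNs
        for _, atv in children(rdn):          # each RDN is a SET of SEQUENCEs
            (_, oid), (_, text) = children(atv)
            pairs.append((decode_oid(oid), text.decode("utf-8")))
    return pairs

def decode_integer(der):  # DER INTEGER, e.g. a certificate serial number
    return int.from_bytes(top(der, 0x02), "big", signed=True)
```

decode_name(SUBJECT) returns [("2.5.4.3", "User")] (2.5.4.3 is commonName) and decode_integer(SERIAL) returns 1.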