Hi again,
I've been trying to work some kinks out of the Muscle Plugin and have found that the PKCS11 library is having issues with things.
I'm trying to make sure that I get the PIN number and verify before operations, so I have the plugin select a file and authenticate to it as per the examples in other pkcs15-init card implementations (such as cryptoflex). However... the authentication fails w/ P11 because P11 uses a separate PIN system (pkcs11-tool logs into the card w/ the -l flag)... when key generation is further along, it needs to create the PrKF file... it uses the sc_pkcs15init_authenticate call to check w/ the file for authentication... but since there are no PIN callbacks and the keycache is disabled, the authentication fails.
Here's a short rundown of what happens:
Me -> executes: pkcs11-tool -l -k rsa:1024
pkcs11-tool:
    Validates my PIN to the card
    Begins key generation process
p11 library:
    ...
muscle-plugin:
    looks up the path for the key
    authenticates to that path
        -- fails because no cached key data and no PIN callbacks
        (recent modification ignores the return value since if the user really wasn't authenticated, the key generation itself would fail)
    key is generated
    public key is extracted
PrKDF entry begins updating
    -- after the PrKF file is encoded within sc_pkcs15init_update_any_df
The PrKF file update begins...
    the file selection returns SC_ERROR_FILE_NOT_FOUND [correct]
    file creation begins...
        parent is selected successfully
        parent is unsuccessfully authenticated to
.... key generation aborts
Thanks!
--
Thomas Harning
Identity Alliance
_______________________________________________
opensc-devel mailing list
opensc-devel lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel