Re: [Opensc-devel] Fwd: pkcs11-tool + libmypkcs11 cant test sign?

[Douglas E. E. <dee...@an...>]

On 6/8/2013 7:36 AM, helpcrypto helpcrypto wrote:
> Sent to another maillist, cause i dont know which is the correct one...Sorry!
>
>
> ---------- Forwarded message ----------
> To: "ope...@li... <mailto:ope...@li...>" <ope...@li... <mailto:ope...@li...>>
>
>
> Hi.
>
>
> Probably im missing something, but could any of you tell me why this is happening? What should I implement?
>
>
> $ pkcs11-tool --module libmypkcs11.so -M
> Using slot 0 with a present token (0x1)
> Supported mechanisms:
>    RSA-PKCS, keySize={1024,1024}, decrypt, sign
>    RSA-PKCS-KEY-PAIR-GEN, keySize={1024,1024}, generate_key_pair

The mech list says what the card supports.
It does not say what keys you have on the card.

Try something like:
pkcs11-tool --module libmypkcs11.so --login -O
to see what objects you have on the card.

When you do a sign operation you usually specify the ID of a specific key
to be used. The card may have more then one.

>
> $ pkcs11-tool --module libmypkcs11.so --sign --login -v --key-type rsa:1024
> Using slot 0 with a present token (0x1)
> Logging in to "My Card".
> Please enter User PIN:
> error: No appropriate mechanism found
> Aborting.
>

PKCS#11 SPY can be very helpful too when testing some other
pkcs#11 lib.  For example modify this to use your libmypkcs11.so:


#!/bin/sh
# test pkcs11-tool with spy
# and can also use coolkey
#

OPENSC=/opt/smartcard

case $1 in
     cool*)
         PKCS11SPY=/path to/libcoolkeypk11.so
         COOL_KEY_LOG_FILE=/tmp/coolkey.log
         export COOL_KEY_LOG_FILE
         SLOT=1
         shift
         ;;
     *)
         PKCS11SPY=$OPENSC/lib/opensc-pkcs11.so
         SLOT=1
         ;;
esac

export PKCS11SPY
PKCS11=$OPENSC/lib/pkcs11-spy.so
export PKCS11


#gdb -args \
$OPENSC/bin/pkcs11-tool --module $PKCS11 --slot $SLOT "$@"



>
> Thanks!
>
>
>
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. A cloud service to automate IT design, transition and operations
> 2. Dashboards that offer high-level views of enterprise services
> 3. A single system of record for all IT processes
> http://p.sf.net/sfu/servicenow-d2d-j
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

-- 

  Douglas E. Engert  <DEE...@an...>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444