Menu
▾
▴
Re: [Opensc-devel] crucial issue (for me): slot ID vs index in engine_pkcs11 / libp11
|
From: Douglas E. E. <dee...@an...> - 2013-07-30 19:01:26
|
On 7/30/2013 10:49 AM, op...@se... wrote: > Dear all, I find myself working with an old version of engine_pkcs11 / > libp11 libraries, that served me well for years. > The issue almost certainly apply to the most recent release (NOTICE: the > libp11 dowload link on the page > https://www.opensc-project.org/opensc/wiki/libp11 is broken). OpenSC is now using GitHub. https://github.com/OpenSC The old www.opensc-project.org should reflect that GitHub is the source. https://github.com/OpenSC > > It is not uncommon to have slot ID which are quite high, for instance > 761406623 with an HSM (my case). > It almost always happens when using multiple PKCS#11 drivers, that is how > I found out about the problem... > > The point is that the slot ID (as numbered by the PKCS#11 drver) has > nothing to do with the index of the slots array generated by libp11, only > accidentally they match when you're using one driver only. There was a change like this for OpenSC, pkcs11. Sounds like a change is needed in libp11. > > If you identify a key with, for instance, the name > "slot_761406623-id_1307301149164400" (reporting the slot ID), it will > miserably fail (and it is a good thing, at least it is not trying to > access the wrong slot with a bad PIN) because it finds out that 761406623 > is not good. The message is "Invalid slot number: 761406623" even if the > slot ID is exactly that. > > Now, I suspect that the original intention is to put the slot ID, not the > slot array index, in the string... is my observation correct? Yes, the slot is not an index, but more of a handle. > Or did I make any mistake in my analysis of the code? The pkcs11-tool has options: -L, --list-slots List available slots -T, --list-token-slots List slots with tokens --slot <arg> Specify the ID of the slot to use --slot-description <arg> Specify the description of the slot to use --slot-index <arg> Specify the index of the slot to use Maybe the engine_pkcs11 and libp11 need to support one of these methods to find a slot. > > If I am right, I am likely going to work on my old version and change the > code for my purpose even if the intention was not to indicate the slot > ID...: do you have some important advice regarding my attempt? > > > > > > ------------------------------------------------------------------------------ > Get your SQL database under version control now! > Version control is standard for application code, but databases havent > caught up. So what steps can you take to put your SQL databases under > version control? Why should you start doing it? Read more to find out. > http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > -- Douglas E. Engert <DEE...@an...> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 |
