Menu
▾
▴
[Opensc-devel] x509 cert aliases loading problems using opensc-pkcs11.so
|
From: Andrea Dell'A. <ad...@li...> - 2015-07-07 11:25:05
|
Goodmorning everyone. I'm writing my first message here so I hope it's the right place to do it. I'm a java developer writing a program for Ubuntu and I need to access to my Athena smartcard pkcs11 features using opensc-pkcs11.so driver. There are two x509 certs into the smartcard: -One is for "non-repudiation" key usage (digital signature) -the other one is for "Critical" "Signing" "Key Encipherment" (web authentication and encryption) The sun.security.pkcs11.SunPKCS11 provider is loaded with no problem using the opensc-pkcs11.so driver. When I load the pkcs11 keystore and I list all the aliases, my code is able to see *JUST* the alias with "Critical" "Signing" "Key Encipherment" (web authentication and encryption) x509 cert, *NOT THE NON-REPUDIATION ONE!!* If I load the pksc11 keystore using the Athena's smartcard Proprietary driver (/lib64/libASEP11.so), my code is able to load *all my smartcard keystore aliases*. I tried with some other smartcard produced by different vendors (Incard and Siemens). I'm always able to load the sun.security.pkcs11.SunPKCS11 provider using opensc-pkcs11.so. But I'm able to see the non-repudiation x509 cert *only using the proprietary smartcard driver*. Why? Why I'm not able to load the "non-repudiation" key usage x509 cert using opensc-pkcs11.so? |
