From: Andreas S. <and...@ca...> - 2015-10-19 09:30:45
Hi Marek,

What does pkcs15-tool -D show?

In the SmartCard-HSM there is a file identifier for the key (0xCC00 + keyid) and an EF with the PKCS#15 description of the key (0xC400 + keyid). For a certificate related to the private key, an EF with 0xCE00 + keyid is allocated.

An unrelated certificate (i.e. a CA certificate) is placed in 0xCA00 + index with the meta data in 0xC800 + index.

Data objects are placed in either 0xCF00 + index or 0xCD00 + index with meta data in 0xC800 + index. The range 0xCF00 is used for data objects that can be read always, 0xCD00 is used for data protected by the user PIN.

The code enumerates file identifiers and creates a key object for each key in the range 0xCC01 to 0xCCFF with the meta data from the related EF in the range 0xC401 to 0xC4FF.

So if pkcs15-tool still shows the key, then a key object and the meta data are present.

You can manually erase the key file and/or meta data file after PIN verification using opensc-tool or a script for the Smart Card Shell.

Andreas

On 10/13/2015 12:33 PM, Marek Szuba wrote:
> Hello,
>
> A while ago I tried to import several existing X.509 certificates and
> its corresponding private key into my SmartCard-HSM, using OpenSC-0.14.
> It turned out that I could do that - which surprised me a bit because
> later on I read on-line importing shouldn't work for this card - but
> only for one certificate at a time, with each subsequent import
> overwriting the previous one. I then decided that I'd rather have no
> software-generated certificates on the card than have just one and
> proceeded to delete the imported data, using pkcs11-tool. The cert and
> the pubkey both went without trouble, however whenever I attempt to
> delete the private key I get an error:
>
> $ pkcs11-tool --module /usr/lib/opensc-pkcs11.so -l --delete-object
> --type privkey --id 11ac7c18d526f536d80520d4c03b71f4923d4553
> Using slot 1 with a present token (0x1)
> Logging in to "SmartCard-HSM (UserPIN)".
> Please enter User PIN:
> error: PKCS11 function C_DestroyObject() failed: rv = CKR_GENERAL_ERROR
> (0x5)
>
> The same happens now with OpenSC-0.15.
>
> Is there any way I could get rid of this key from the card without
> reinitialising it?
>
> Yours sincerely,
>

--
CardContact Software & System Consulting
Andreas Schwier
Schülerweg 38
32429 Minden, Germany
Phone +49 571 56149
http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org
http://www.smartcard-hsm.com
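
The file-identifier layout described in the reply above, as an added example that is not part of the original thread or of OpenSC: it classifies 16-bit file identifiers by the listed prefixes and reports, per key id, which of the three related EFs (key, PKCS#15 description, certificate) are present, so a leftover key or metadata file is easy to spot. The function names and the sample list of identifiers are constructed for illustration.

```python
# Added example: the prefixes below are the ones listed in the message above.
PREFIXES = {
    0xCC: "private key",
    0xC4: "PKCS#15 key description",
    0xCE: "certificate for private key",
    0xCA: "unrelated (CA) certificate",
    0xC8: "metadata for CA certificate or data object",
    0xCF: "data object, always readable",
    0xCD: "data object, user-PIN protected",
}

def classify(fid):
    """Return (kind, low byte); kind is None for a prefix the message does not list."""
    if not 0 <= fid <= 0xFFFF:
        raise ValueError("file identifier must fit in 16 bits")
    return PREFIXES.get(fid >> 8), fid & 0xFF

def key_inventory(fids):
    """For each key id 0x01..0xFF, report which of its three EFs are present."""
    present = set(fids)
    report = {}
    for keyid in range(0x01, 0x100):
        key = (0xCC00 + keyid) in present
        desc = (0xC400 + keyid) in present
        cert = (0xCE00 + keyid) in present
        if not (key or desc or cert):
            continue
        if key and desc:
            state = "key file and description present"
        elif key:
            state = "key file without description"
        elif desc:
            state = "description without key file"
        else:
            state = "certificate only"
        report[keyid] = {"key": key, "description": desc,
                         "certificate": cert, "state": state}
    return report

# Constructed sample: FIDs as they might be enumerated from a card (not real data).
SAMPLE_FIDS = [0xCC01, 0xC401, 0xCE01, 0xCC02, 0xC403, 0xCA00, 0xC800, 0xCF01, 0x1234]

if __name__ == "__main__":
    for fid in SAMPLE_FIDS:
        kind, low = classify(fid)
        print(f"{fid:04X}  {kind or 'not in the described layout'} (id/index {low})")
    for keyid, info in key_inventory(SAMPLE_FIDS).items():
        print(f"key id {keyid:#04x}: {info['state']}")
```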