Menu
▾
▴
Re: [Opensc-devel] missing key usage of pubkey
|
From: Cornelius K. <cor...@ne...> - 2016-04-16 07:18:23
|
Hello Andreas,
Thanks a lot. I will do so, test it and report.
Kind regards Cornelius
Cornelius Kölbe...@ne...+49 151 2960 1417
NetKnights GmbHhttp://netknights.itLandgraf-Karl-Str. 19, 34131 Kassel, GermanyTel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405Geschäftsführer: Cornelius Kölbel
-------- Ursprüngliche Nachricht --------
Von: Andreas Schwier <and...@ca...>
Datum: 16.04.2016 00:11 (GMT+01:00)
An: ope...@li...
Betreff: Re: [Opensc-devel] missing key usage of pubkey
Dear Cornelius,
get a newer version ;-)
0.13 was the first version to support the SmartCard-HSM and a lot has
happened since then.
Andreas
On 04/15/2016 11:02 PM, Cornelius Kölbel wrote:
> Hi,
>
> I am doing some tests with the nitrokey (smartcard-hsm) on Ubuntu 14.04.
> It comes with 0.13.0-3ubuntu4.1.
>
> So you may simply tell me to get a newer version ;-)
>
> Now, when I generate a key pair everything looks fine.
> The key usage of the pubkey is marked as _encrypt_.
>
> But when I run -l -O the public key has no attributes!
>
>
> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> (git)-[pkcs11] % pkcs11-tool
> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen
> --key-type rsa:2048 --id
> 11
> Using slot 1 with a present token (0x1)
> Logging in to "SmartCard-HSM (UserPIN)".
> Please enter User PIN:
> Key pair generated:
> Private Key Object; RSA
> label: Private Key
> ID: 11
> Usage: decrypt, sign, unwrap
> Public Key Object; RSA 2048 bits
> label: Private Key
> ID: 11
> Usage: encrypt, verify, wrap
> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> (git)-[pkcs11] % pkcs11-tool
> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l -O
> Using slot 1 with a present token (0x1)
> Logging in to "SmartCard-HSM (UserPIN)".
> Please enter User PIN:
> Private Key Object; RSA
> label: Private Key
> ID: 11
> Usage: decrypt, sign, unwrap
> Public Key Object; RSA 2048 bits
> label: Private Key
> ID: 11
> Usage: none
>
> Also when I look at the object all key usage attribs are set to false:
>
> [CKA_ALWAYS_SENSITIVE: True
> CKA_CLASS: CKO_PUBLIC_KEY
> CKA_DECRYPT: False
> CKA_DERIVE: False
> CKA_ENCRYPT: False
> CKA_EXTRACTABLE: (0L,)
> CKA_ID: (17L,)
> CKA_KEY_GEN_MECHANISM: -1
> CKA_KEY_TYPE: CKK_RSA
> CKA_LABEL: Private Key
> CKA_LOCAL: True
> CKA_MODIFIABLE: False
>
> When I try to encrypt with the key handle on key x11 i get
> CKR_FUNCTION_NOT_SUPPORTED.
>
> So it looks like the attributes of the pubkey are not persisted.
>
> Am I missing something?
>
> Thanks a lot and kind regards
> Cornelius
>
>
>
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications Manager
> Applications Manager provides deep performance insights into multiple tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
--
--------- CardContact Systems GmbH
|.##> <##.| Schülerweg 38
|# #| D-32429 Minden, Germany
|# #| Phone +49 571 56149
|'##> <##'| http://www.cardcontact.de
--------- Registergericht Bad Oeynhausen HRB 14880
Geschäftsführer Andreas Schwier
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Opensc-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/opensc-devel
|
