From: Nguyễn H. Q. <qua...@mb...> - 2013-03-08 05:14:09

Hello

I'm implementing DATA object support for pkcs15-openpgp emulation layer.
These pkcs15 DATA objects are mapped to private DOs of OpenPGP card and
need PIN2 to access.

However, when listing objects by pkcs11-tools, these pkcs15 DATA objects
appear in the slot of PIN1: http://paste.ubuntu.com/5595070/ and cannot
be read.

I want to move it to slot 2, to be able to use PIN2 to read it. How can
I do?

(Other objects, KEY and CERT, are listed in slot 2:
http://paste.ubuntu.com/5595074/)

--
Regards,
Quân

Y!IM: ng_hquan_vn
GTalk: ng.hong.quan

From: Martin P. <ma...@ma...> - 2013-03-08 07:39:32

Hello,

On Fri, Mar 8, 2013 at 6:45 AM, Nguyễn Hồng Quân <qua...@mb...> wrote:
> I want to move it to slot 2, to be able to use PIN2 to read it. How can
> I do?

I think you mean PIN1 (not the signature PIN)?

> (Other objects, KEY and CERT, are listed in slot 2:
> http://paste.ubuntu.com/5595074/)

The association with a PIN code is created explicitly in
pkcs15-openpgp.c. You should also set up the mapping (done by ID-s, grep
the pkcs11 module log for "Adding data object")

Martin

From: Viktor T. <vik...@gm...> - 2013-03-10 12:13:46

Hello,

On 08/03/2013 05:45, Nguyễn Hồng Quân wrote:
> I'm implementing DATA object support for pkcs15-openpgp emulation layer.
> These pkcs15 DATA objects are mapped to private DOs of OpenPGP card and
> need PIN2 to access.
>
> However, when listing objects by pkcs11-tools, these pkcs15 DATA objects
> appear in the slot of PIN1: http://paste.ubuntu.com/5595070/ and cannot
> be read.

Private DATA object, by definition, is protected by some AuthenticationObject (PIN).
The object's 'auth_id' has to reference this authObject.

So, in your emulation layer, when creating PKCS#15 DATA object,
you have to set its 'auth_id' to reference PIN2,
in the same manner as you do it for private key PKCS#15 objects:
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-openpgp.c#L283

> I want to move it to slot 2, to be able to use PIN2 to read it. How can
> I do?
>
> (Other objects, KEY and CERT, are listed in slot 2:
> http://paste.ubuntu.com/5595074/)

Kind regards,
Viktor.

From: Nguyễn H. Q. <qua...@mb...> - 2013-03-25 10:34:34

Hello,

Here is the struct definition for DATA object:

    struct sc_pkcs15_data_info {
        /* FIXME: there is no pkcs15 ID in DataType */
        struct sc_pkcs15_id id;

        /* Identify the application:
         * either or both may be set */
        char app_label[SC_PKCS15_MAX_LABEL_SIZE];
        struct sc_object_id app_oid;

        struct sc_path path;

        struct sc_pkcs15_der data;
    };
    typedef struct sc_pkcs15_data_info sc_pkcs15_data_info_t;

There is no member for "auth_id" or slot ID.

On Sun 10 Mar 2013 07:13:32 PM ICT, Viktor Tarasov wrote:
> Hello,
>
> Private DATA object, by definition, is protected by some AuthenticationObject (PIN).
> The object's 'auth_id' has to reference this authObject.
>
> So, in your emulation layer, when creating PKCS#15 DATA object,
> you have to set its 'auth_id' to reference PIN2,
> in the same manner as you do it for private key PKCS#15 objects:
> https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-openpgp.c#L283
>
>
>> I want to move it to slot 2, to be able to use PIN2 to read it. How can
>> I do?
>>
>> (Other objects, KEY and CERT, are listed in slot 2:
>> http://paste.ubuntu.com/5595074/)
>
> Kind regards,
> Viktor.

--
Regards,
Quân

Y!IM: ng_hquan_vn
GTalk: ng.hong.quan

From: Nguyễn H. Q. <qua...@mb...> - 2013-03-25 11:08:50

Oh, sorry, I checked wrong struct. The right one should be
sc_pkcs15_object_t.

On Mon 25 Mar 2013 05:12:37 PM ICT, Nguyễn Hồng Quân wrote:
> Hello,
>
> Here is the struct definition for DATA object:
>
>     struct sc_pkcs15_data_info {
>         /* FIXME: there is no pkcs15 ID in DataType */
>         struct sc_pkcs15_id id;
>
>         /* Identify the application:
>          * either or both may be set */
>         char app_label[SC_PKCS15_MAX_LABEL_SIZE];
>         struct sc_object_id app_oid;
>
>         struct sc_path path;
>
>         struct sc_pkcs15_der data;
>     };
>     typedef struct sc_pkcs15_data_info sc_pkcs15_data_info_t;
>
> There is no member for "auth_id" or slot ID.
>
> On Sun 10 Mar 2013 07:13:32 PM ICT, Viktor Tarasov wrote:
>> Hello,
>>
>> Private DATA object, by definition, is protected by some AuthenticationObject (PIN).
>> The object's 'auth_id' has to reference this authObject.
>>
>> So, in your emulation layer, when creating PKCS#15 DATA object,
>> you have to set its 'auth_id' to reference PIN2,
>> in the same manner as you do it for private key PKCS#15 objects:
>> https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-openpgp.c#L283
>>
>>
>>> I want to move it to slot 2, to be able to use PIN2 to read it. How can
>>> I do?
>>>
>>> (Other objects, KEY and CERT, are listed in slot 2:
>>> http://paste.ubuntu.com/5595074/)
>>
>> Kind regards,
>> Viktor.
>
> --
> Regards,
> Quân
>
> Y!IM: ng_hquan_vn
> GTalk: ng.hong.quan

--
Regards,
Quân

Y!IM: ng_hquan_vn
GTalk: ng.hong.quan
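
The auth_id binding discussed in this thread, as an added example that is not code from OpenSC or from any of the posters: a self-contained C model showing how an object's auth_id decides which PIN's slot lists it, plus a check for private objects that reference no PIN. The structs `p15_id`, `p15_obj`, `p15_pin` and both functions are hypothetical stand-ins; it assumes one slot per PIN and that an object referencing no PIN falls back to the first slot, as reported in the first message.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for sc_pkcs15_id / sc_pkcs15_object (not the OpenSC definitions). */
struct p15_id  { unsigned char value[8]; size_t len; };
struct p15_obj { const char *label; int is_private; struct p15_id auth_id; };
struct p15_pin { const char *label; struct p15_id auth_id; };

static int id_equal(const struct p15_id *a, const struct p15_id *b)
{
    return a->len == b->len && memcmp(a->value, b->value, a->len) == 0;
}

/* Slot index (one slot per PIN) that lists obj. Assumption: an object whose
 * auth_id matches no PIN falls back to the first slot, as seen in the thread. */
int slot_for_object(const struct p15_obj *obj, const struct p15_pin *pins, size_t npins)
{
    for (size_t i = 0; i < npins; i++)
        if (obj->auth_id.len > 0 && id_equal(&obj->auth_id, &pins[i].auth_id))
            return (int)i;
    return 0;
}

/* Check for an emulation layer: count private objects that reference no PIN. */
int count_unbound_private(const struct p15_obj *objs, size_t n)
{
    int missing = 0;
    for (size_t i = 0; i < n; i++)
        if (objs[i].is_private && objs[i].auth_id.len == 0)
            missing++;
    return missing;
}

/* Constructed sample data: two PINs with IDs 01 and 02 (index 0 = PIN1, 1 = PIN2). */
static const struct p15_pin sample_pins[] = {
    { "PIN1", { { 0x01 }, 1 } },
    { "PIN2", { { 0x02 }, 1 } },
};

int main(void)
{
    struct p15_obj data = { "PrivDO 3", 1, { { 0 }, 0 } };   /* constructed; auth_id unset */
    printf("before: slot index %d, unbound=%d\n",
           slot_for_object(&data, sample_pins, 2), count_unbound_private(&data, 1));
    data.auth_id = sample_pins[1].auth_id;                   /* reference PIN2 */
    printf("after:  slot index %d, unbound=%d\n",
           slot_for_object(&data, sample_pins, 2), count_unbound_private(&data, 1));
    return 0;
}
```
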