Cryptoflex signing/certificate issue on Windows

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Cryptoflex signing/certificate issue on Windows

Jelena Stankov
Hello, 

First of all, I am very sorry if I bother you with this kind of questions, but I was browsing through your list for days and came up with no solution. The problem is with Cryptoflex 32k eGate v4 card, reader is Gemplus USB Key Smart Card Reader, OS is Windows XP sp3.
I am not being able to generate certificate request from card or to pass pkcs11-tool -test without errors. 

In my attachments you will find trace of some commands and a few lines from debug file on which the error occured
I'm currenty using OpenSC Explorer version 0.12.0-svn (I thought it could be a version issue, previous version gave errors as well). 

If anyone has any idea what could be the issue, or what am I doing wrong, please let me know.

Card supports keysize up to 2048

Regards,
--
Jeca

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user

opensc debug.txt (3K) Download Attachment
opensc trace.txt (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Cryptoflex signing/certificate issue on Windows

Andreas Jellinghaus-2
give the lower level tools like pkcs15-tool a try,
you can have a look at the content of your card etc.

if they don't work, the higher level stuff like pkcs11-tool
will usualy not work either.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Cryptoflex signing/certificate issue on Windows

Jelena Stankov
I succeeded to initialize card with pkcs15-init, generate public/private keypair. I can list pins, public keys, private keys, all of that works without a problem with pkcs15-tool. Did you have something else in mind? 

Now I have to generate a certificate request, and that is what I cannot do because of this kind of error from openssl:
5288:error:8000A005:Vendor defined:PKCS11_rsa_sign:General Error:p11_ops.c:131:
5288:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:
error in req

Is there a way to generate certificate request with some other tool besides openssl?

Regards,
Jeca


On Wed, Oct 27, 2010 at 7:37 PM, Andreas Jellinghaus <[hidden email]> wrote:
give the lower level tools like pkcs15-tool a try,
you can have a look at the content of your card etc.

if they don't work, the higher level stuff like pkcs11-tool
will usualy not work either.

Regards, Andreas

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Cryptoflex signing/certificate issue on Windows

Jelena Stankov
Everything works like a charm on Linux, but unfortunately, I need those same functionalities on Windows.
Is there a possibility that openssl wants cryptoflex module ddl, like slbck.dll, instead of opensc-pkcs11.dll?


Regards,
-- 
Jeca


On Thu, Oct 28, 2010 at 8:41 AM, Jelena Stankov <[hidden email]> wrote:
I succeeded to initialize card with pkcs15-init, generate public/private keypair. I can list pins, public keys, private keys, all of that works without a problem with pkcs15-tool. Did you have something else in mind? 

Now I have to generate a certificate request, and that is what I cannot do because of this kind of error from openssl:
5288:error:8000A005:Vendor defined:PKCS11_rsa_sign:General Error:p11_ops.c:131:
5288:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:279:
error in req

Is there a way to generate certificate request with some other tool besides openssl?

Regards,
Jeca


On Wed, Oct 27, 2010 at 7:37 PM, Andreas Jellinghaus <[hidden email]> wrote:
give the lower level tools like pkcs15-tool a try,
you can have a look at the content of your card etc.

if they don't work, the higher level stuff like pkcs11-tool
will usualy not work either.

Regards, Andreas


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user