Fwd: pkcs11-tool + libmypkcs11 cant test sign?


Fwd: pkcs11-tool + libmypkcs11 cant test sign?

helpcrypto helpcrypto
Sent to another mailing list, 'cause I don't know which is the correct one... Sorry!


---------- Forwarded message ----------
To: "[hidden email]" <[hidden email]>


Hi.


Probably I'm missing something, but could any of you tell me why this is happening? What should I implement?


$ pkcs11-tool --module libmypkcs11.so -M
Using slot 0 with a present token (0x1)
Supported mechanisms:
  RSA-PKCS, keySize={1024,1024}, decrypt, sign
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,1024}, generate_key_pair

$ pkcs11-tool --module libmypkcs11.so --sign --login -v --key-type rsa:1024
Using slot 0 with a present token (0x1)
Logging in to "My Card".
Please enter User PIN:
error: No appropriate mechanism found
Aborting.


Thanks!


_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: Fwd: pkcs11-tool + libmypkcs11 cant test sign?

Douglas E. Engert


On 6/8/2013 7:36 AM, helpcrypto helpcrypto wrote:

> Sent to another mailing list, 'cause I don't know which is the correct one... Sorry!
>
>
> ---------- Forwarded message ----------
> To: "[hidden email]" <[hidden email]>
>
>
> Hi.
>
>
> Probably I'm missing something, but could any of you tell me why this is happening? What should I implement?
>
>
> $ pkcs11-tool --module libmypkcs11.so -M
> Using slot 0 with a present token (0x1)
> Supported mechanisms:
>    RSA-PKCS, keySize={1024,1024}, decrypt, sign
>    RSA-PKCS-KEY-PAIR-GEN, keySize={1024,1024}, generate_key_pair

The mech list says what the card supports.
It does not say what keys you have on the card.

Try something like:
pkcs11-tool --module libmypkcs11.so --login -O
to see what objects you have on the card.

When you do a sign operation you usually specify the ID of a specific key
to be used. The card may have more than one.

>
> $ pkcs11-tool --module libmypkcs11.so --sign --login -v --key-type rsa:1024
> Using slot 0 with a present token (0x1)
> Logging in to "My Card".
> Please enter User PIN:
> error: No appropriate mechanism found
> Aborting.
>

PKCS#11 SPY can be very helpful too when testing some other
PKCS#11 lib. For example, modify this to use your libmypkcs11.so:


#!/bin/sh
# test pkcs11-tool with spy
# and can also use coolkey
#
# pkcs11-tool loads pkcs11-spy.so as its module; the spy logs each call
# and forwards it to the real module named in $PKCS11SPY.

OPENSC=/opt/smartcard

case "$1" in
     cool*)
         # placeholder path: point this at the real library
         PKCS11SPY="/path to/libcoolkeypk11.so"
         COOL_KEY_LOG_FILE=/tmp/coolkey.log
         export COOL_KEY_LOG_FILE
         SLOT=1
         shift
         ;;
     *)
         PKCS11SPY="$OPENSC/lib/opensc-pkcs11.so"
         SLOT=1
         ;;
esac

export PKCS11SPY
PKCS11="$OPENSC/lib/pkcs11-spy.so"
export PKCS11


#gdb -args \
"$OPENSC/bin/pkcs11-tool" --module "$PKCS11" --slot "$SLOT" "$@"



>
> Thanks!

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
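
The advice in the reply above (list the objects, then sign with the ID of a specific key) can be scripted as follows. This is an added example, not part of the original thread or of OpenSC; the object listing is a constructed sample assumed to follow the layout of `pkcs11-tool -O`, and the labels, IDs and file names are made up.

```shell
#!/bin/sh
# Added example: find private keys that allow signing in an object
# listing, then print an explicit sign command for each key ID.

# Constructed sample, assumed to match the layout of `pkcs11-tool -O`
# output (labels and IDs are made up).
sample_objects() {
cat <<'EOF'
Private Key Object; RSA
  label:      Auth key
  ID:         45
  Usage:      decrypt, sign
Private Key Object; RSA
  label:      Encryption key
  ID:         46
  Usage:      decrypt
Public Key Object; RSA 1024 bits
  label:      Auth key
  ID:         45
  Usage:      encrypt, verify
EOF
}

# Read an object listing on stdin; print the ID of every private key
# whose Usage line contains "sign" as a whole word (not "signRecover").
sign_key_ids() {
    awk '
        /^[A-Za-z]/            { priv = ($0 ~ /^Private Key Object/); id = "" }
        priv && $1 == "ID:"    { id = $2 }
        priv && $1 == "Usage:" && /[ ,]sign(,| *$)/ && id != "" { print id }
    '
}

# Print one sign command per usable key. $1 is the module under test;
# RSA-PKCS is the mechanism from the thread's -M output, and
# data.bin / data.sig are hypothetical file names.
sign_commands() {
    module=$1
    sign_key_ids | while read -r id; do
        printf 'pkcs11-tool --module %s --login --sign --id %s --mechanism RSA-PKCS -i data.bin -o data.sig\n' \
            "$module" "$id"
    done
}

sample_objects | sign_commands libmypkcs11.so
```

Against a real token, feed the function live output instead: `pkcs11-tool --module libmypkcs11.so --login -O | sign_commands libmypkcs11.so`. An empty result means the module exposes no private key that allows signing, whatever the mechanism list says.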


Re: Fwd: pkcs11-tool + libmypkcs11 cant test sign?

helpcrypto helpcrypto
Didn't think of using spy, damn it!
Thank you!


On Mon, Jun 10, 2013 at 3:57 PM, Douglas E. Engert <[hidden email]> wrote:

