New key objects created when performing a lookup?


Geoffrey Elgey-2
G'day,

If I use pkcs11-tool configured with libmusclepkcs11.so to store a
certificate and a private key on a card, then perform a lookup of the
objects on the card, it seems that additional public and private key
objects are added to the card by libmusclepkcs11.so.

For example, if I put a certificate and a private key on a card,
then muscleTool shows the following objects:

muscle [MuscleCard Applet] > list
            Object ID  Object Size     READ   WRITE   DELETE
    -----------------  -----------    ------  ------  ------
                   k5          512    ALWAYS  PIN #1  PIN #1
                   k4          512    PIN #1  PIN #1  PIN #1
                   c0          512    ALWAYS  PIN #1  PIN #1
                   C0          646    ALWAYS  PIN #1  PIN #1

The certificate is represented by {c0,C0}, and the private key by {k4,k5}.

But if I then use pkcs11-tool (configured to use libmusclepkcs11.so) to
view the card contents, this is what gets listed:

Certificate Object, type = X.509 cert
   label:      user-cert
   ID:         1234

Public Key Object; unknown key algorithm 134532164
   ID:         1234
   Usage:      encrypt, verify, wrap

Private Key Object; RSA
   label:      user-key
   ID:         1234
   Usage:      decrypt, sign, unwrap

Public Key Object; RSA 134564297 bits
   label:
   ID:         4b45593030303030303030303030303030303033
   Usage:      encrypt, verify, wrap

Private Key Object; RSA
   label:
   ID:         4b45593030303030303030303030303030303032
   Usage:      decrypt, sign, unwrap

Public Key Object; RSA 134564297 bits
   label:
   ID:         4b45593030303030303030303030303030303031
   Usage:      encrypt, verify, wrap

Private Key Object; RSA
   label:
   ID:         4b45593030303030303030303030303030303030
   Usage:      decrypt, sign, unwrap


NOTE: lots of messages such as "warning: PKCS11 function
C_GetAttributeValue(ENCRYPT) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID
(0x12)" have been removed from the above. Key usage attributes are not
explicitly created by pkcs11-tool, so I'm assuming these attributes
don't exist and have no default value, so that getting their value is an
error?

There are quite a few new objects listed above, as revealed by using
muscleTool:

muscle [MuscleCard Applet] > list
            Object ID  Object Size     READ   WRITE   DELETE
    -----------------  -----------    ------  ------  ------
                   k3          512    ALWAYS  PIN #1  PIN #1
                   k2          512    PIN #1  PIN #1  PIN #1
                   k1          512    ALWAYS  PIN #1  PIN #1
                   k0          512    PIN #1  PIN #1  PIN #1
                   k5          512    ALWAYS  PIN #1  PIN #1
                   k4          512    PIN #1  PIN #1  PIN #1
                   c0          512    ALWAYS  PIN #1  PIN #1
                   C0          646    ALWAYS  PIN #1  PIN #1

New key objects k0, k1, k2, and k4 have been created.

So: why have these new key objects been created by libmusclepkcs11.so in
the process of the lookup, and should these objects have been created by
pkcs11-tool in the first place?

-- Geoff
_______________________________________________
opensc-devel mailing list
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
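The situation described in the post lends itself to a small audit check: diff the muscleTool object tables taken before and after the PKCS#11 lookup, and inspect the pkcs11-tool listing for key objects that carry no label, do not pair with any certificate, and report nonsensical attribute values. The script below is an added example, not code from the post or from OpenSC/MUSCLE. The sample listings are copied from the post (the Usage lines are trimmed); the assumptions are that muscleTool data rows start with a letter-plus-digit object ID, that pkcs11-tool prints attribute lines indented under an unindented class line, and that the CKA_ID hex can be decoded to ASCII when every byte is printable.

```python
"""Audit helper for the "extra key objects after lookup" situation.

Added example for this thread, not OpenSC/MUSCLE code.  Sample listings are
copied from the post; the format handling below is this example's assumption.
"""
import re
from collections import defaultdict

# muscleTool 'list' output before the pkcs11-tool lookup (from the post).
MUSCLE_BEFORE = """\
            Object ID  Object Size     READ   WRITE   DELETE
    -----------------  -----------    ------  ------  ------
                   k5          512    ALWAYS  PIN #1  PIN #1
                   k4          512    PIN #1  PIN #1  PIN #1
                   c0          512    ALWAYS  PIN #1  PIN #1
                   C0          646    ALWAYS  PIN #1  PIN #1
"""

# muscleTool 'list' output after the pkcs11-tool lookup (from the post).
MUSCLE_AFTER = """\
            Object ID  Object Size     READ   WRITE   DELETE
    -----------------  -----------    ------  ------  ------
                   k3          512    ALWAYS  PIN #1  PIN #1
                   k2          512    PIN #1  PIN #1  PIN #1
                   k1          512    ALWAYS  PIN #1  PIN #1
                   k0          512    PIN #1  PIN #1  PIN #1
                   k5          512    ALWAYS  PIN #1  PIN #1
                   k4          512    PIN #1  PIN #1  PIN #1
                   c0          512    ALWAYS  PIN #1  PIN #1
                   C0          646    ALWAYS  PIN #1  PIN #1
"""

# pkcs11-tool object listing from the post, Usage lines trimmed.
PKCS11_LISTING = """\
Certificate Object, type = X.509 cert
   label:      user-cert
   ID:         1234

Public Key Object; unknown key algorithm 134532164
   ID:         1234

Private Key Object; RSA
   label:      user-key
   ID:         1234

Public Key Object; RSA 134564297 bits
   label:
   ID:         4b45593030303030303030303030303030303033

Private Key Object; RSA
   label:
   ID:         4b45593030303030303030303030303030303032

Public Key Object; RSA 134564297 bits
   label:
   ID:         4b45593030303030303030303030303030303031

Private Key Object; RSA
   label:
   ID:         4b45593030303030303030303030303030303030
"""

# Assumed row shape: "<letter><digits>  <size>  ..." (header/dash rows do not match).
_MUSCLE_ROW = re.compile(r"^\s*([A-Za-z]\d+)\s+(\d+)\s")


def parse_muscle_list(text):
    """Return {object_id: size_in_bytes} from a muscleTool 'list' table."""
    return {m.group(1): int(m.group(2))
            for m in (_MUSCLE_ROW.match(l) for l in text.splitlines()) if m}


def new_objects(before, after):
    """Object IDs present after the lookup that were absent before it."""
    return sorted(set(after) - set(before))


def parse_pkcs11_tool(text):
    """Split pkcs11-tool output into dicts: class line plus indented attributes."""
    objects, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            cur = None
        elif not line.startswith(" "):
            cur = {"class": line.strip(), "label": "", "id": ""}
            objects.append(cur)
        elif cur is not None:
            key, _, val = line.strip().partition(":")
            cur[key.strip().lower()] = val.strip()
    return objects


def decode_id(hex_id):
    """pkcs11-tool prints CKA_ID as hex; return it as ASCII if every byte is printable."""
    try:
        raw = bytes.fromhex(hex_id)
    except ValueError:
        return None
    return raw.decode("ascii") if raw and all(0x20 <= b < 0x7F for b in raw) else None


def unlabelled_orphan_keys(objects):
    """Key objects with an empty label whose CKA_ID is shared by no certificate."""
    by_id = defaultdict(list)
    for o in objects:
        by_id[o["id"]].append(o)
    return [(o["class"], o["id"], decode_id(o["id"])) for o in objects
            if "Key Object" in o["class"] and not o["label"]
            and not any("Certificate" in p["class"] for p in by_id[o["id"]])]


def implausible_key_sizes(objects, max_bits=16384):
    """Reported RSA modulus sizes outside any real range (a bogus attribute value)."""
    hits = []
    for o in objects:
        m = re.search(r"RSA (\d+) bits", o["class"])
        if m and not 0 < int(m.group(1)) <= max_bits:
            hits.append((o["id"], int(m.group(1))))
    return hits


if __name__ == "__main__":
    print("new muscle objects:", new_objects(parse_muscle_list(MUSCLE_BEFORE),
                                             parse_muscle_list(MUSCLE_AFTER)))
    objs = parse_pkcs11_tool(PKCS11_LISTING)
    for hit in unlabelled_orphan_keys(objs):
        print("unlabelled orphan key:", hit)
    for hit in implausible_key_sizes(objs):
        print("implausible key size:", hit)
```

Run as a script it reports k0 to k3 as the objects that appeared, flags the four unlabelled key objects (their hex IDs decode to the ASCII strings `KEY00000000000000000` to `KEY00000000000000003`), and flags the two public keys whose reported modulus size is far larger than any RSA key. Taking the muscleTool snapshot before and after any PKCS#11 client run is a cheap way to confirm whether a module writes to the card during what should be a read-only enumeration.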