pkcs15 emu: Add object to specific slot

pkcs15 emu: Add object to specific slot

Nguyễn Hồng Quân-2
Hello

I'm implementing DATA object support for pkcs15-openpgp emulation layer.
These pkcs15 DATA objects are mapped to private DOs of OpenPGP card and
need PIN2 to access.

However, when listing objects by pkcs11-tools, these pkcs15 DATA objects
appear in the slot of PIN1: http://paste.ubuntu.com/5595070/ and cannot
be read.

I want to move it to slot 2, to be able to use PIN2 to read it. How can
I do that?

(Other objects, KEY and CERT, are listed in slot 2:
http://paste.ubuntu.com/5595074/)


--
Regards,
Quân

Y!IM: ng_hquan_vn
GTalk: ng.hong.quan


_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Re: pkcs15 emu: Add object to specific slot

Martin Paljak-4
Hello,
On Fri, Mar 8, 2013 at 6:45 AM, Nguyễn Hồng Quân <[hidden email]> wrote:

> I want to move it to slot 2, to be able to use PIN2 to read it. How can
> I do?
I think you mean PIN1 (not the signature PIN)?


> (Other objects, KEY and CERT, are listed in slot 2:
> http://paste.ubuntu.com/5595074/)
The association with a PIN code is created explicitly in
pkcs15-openpgp.c. You should also set up the mapping (done by IDs,
grep the pkcs11 module log for "Adding data object").

Martin


Re: pkcs15 emu: Add object to specific slot

Viktor Tarasov-3
Hello,

On 08/03/2013 05:45, Nguyễn Hồng Quân wrote:
> I'm implementing DATA object support for pkcs15-openpgp emulation layer.
> These pkcs15 DATA objects are mapped to private DOs of OpenPGP card and
> need PIN2 to access.
>
> However, when listing objects by pkcs11-tools, these pkcs15 DATA objects
> appear in the slot of PIN1: http://paste.ubuntu.com/5595070/ and cannot
> be read.

A private DATA object, by definition, is protected by some AuthenticationObject (PIN).
The object's 'auth_id' has to reference this authObject.

So, in your emulation layer, when creating a PKCS#15 DATA object,
you have to set its 'auth_id' to reference PIN2,
in the same manner as you do it for private key PKCS#15 objects:
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-openpgp.c#L283


> I want to move it to slot 2, to be able to use PIN2 to read it. How can
> I do?
>
> (Other objects, KEY and CERT, are listed in slot 2:
> http://paste.ubuntu.com/5595074/)

Kind regards,
Viktor.
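
Added example, not part of the original message and not OpenSC code: a small self-contained C model of the ID-based mapping described above, showing why a DATA object whose auth_id is left unset is listed under PIN1 and how referencing PIN2 moves it. The model_* types, slot_for_object, make_data_object and the PIN ID bytes 0x01/0x02 are assumptions made for illustration, as is the first-slot fallback, which mirrors the listing reported in the first message.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins, not the OpenSC definitions; auth_id.len == 0 means unset. */
struct model_id { unsigned char value[8]; size_t len; };
struct model_pin { const char *label; struct model_id auth_id; };
struct model_object { const char *label; struct model_id auth_id; };

static int id_equal(const struct model_id *a, const struct model_id *b)
{
    return a->len == b->len && memcmp(a->value, b->value, a->len) == 0;
}

/* Index of the PIN (and so the slot) that the object's auth_id references.
 * Assumption: an object referencing no known PIN lands in the first slot. */
int slot_for_object(const struct model_object *obj,
                    const struct model_pin *pins, size_t npins)
{
    for (size_t i = 0; i < npins; i++)
        if (obj->auth_id.len > 0 && id_equal(&obj->auth_id, &pins[i].auth_id))
            return (int)i;
    return 0;
}

/* Constructed sample data: slot 0 belongs to PIN1, slot 1 to PIN2. */
const struct model_pin sample_pins[] = {
    { "PIN1", { {0x01}, 1 } },
    { "PIN2", { {0x02}, 1 } },
};

/* Build a DATA object; auth == 0 leaves auth_id unset. */
struct model_object make_data_object(const char *label, unsigned char auth)
{
    struct model_object obj = { label, { {0}, 0 } };
    if (auth != 0) {
        obj.auth_id.value[0] = auth;
        obj.auth_id.len = 1;
    }
    return obj;
}

int main(void)
{
    struct model_object unset = make_data_object("private DO", 0);
    struct model_object pin2 = make_data_object("private DO", 0x02);
    printf("auth_id unset: slot %d\n", slot_for_object(&unset, sample_pins, 2));
    printf("auth_id = PIN2: slot %d\n", slot_for_object(&pin2, sample_pins, 2));
    return 0;
}
```

In this model an auth_id that matches no PIN also falls back to the first slot, so a wrong ID byte gives the same listing as a missing one.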


Re: pkcs15 emu: Add object to specific slot

Nguyễn Hồng Quân-2
Hello,

Here is the struct definition for DATA object:

struct sc_pkcs15_data_info {
        /* FIXME: there is no pkcs15 ID in DataType */
        struct sc_pkcs15_id id;

        /* Identify the application:
         * either or both may be set */
        char app_label[SC_PKCS15_MAX_LABEL_SIZE];
        struct sc_object_id app_oid;

        struct sc_path path;

        struct sc_pkcs15_der data;
};
typedef struct sc_pkcs15_data_info sc_pkcs15_data_info_t;

There is no member for "auth_id" or slot ID.

On Sun 10 Mar 2013 07:13:32 PM ICT, Viktor Tarasov wrote:

> Hello,
>
> A private DATA object, by definition, is protected by some AuthenticationObject (PIN).
> The object's 'auth_id' has to reference this authObject.
>
> So, in your emulation layer, when creating a PKCS#15 DATA object,
> you have to set its 'auth_id' to reference PIN2,
> in the same manner as you do it for private key PKCS#15 objects:
> https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-openpgp.c#L283
>
>
>> I want to move it to slot 2, to be able to use PIN2 to read it. How can
>> I do?
>>
>> (Other objects, KEY and CERT, are listed in slot 2:
>> http://paste.ubuntu.com/5595074/)
>
> Kind regards,
> Viktor.

--
Regards,
Quân

Y!IM: ng_hquan_vn
GTalk: ng.hong.quan


Re: pkcs15 emu: Add object to specific slot

Nguyễn Hồng Quân-2
Oh, sorry, I checked the wrong struct.
The right one should be sc_pkcs15_object_t.

On Mon 25 Mar 2013 05:12:37 PM ICT, Nguyễn Hồng Quân wrote:

> Hello,
>
> Here is the struct definition for DATA object:
>
> struct sc_pkcs15_data_info {
> /* FIXME: there is no pkcs15 ID in DataType */
> struct sc_pkcs15_id id;
>
> /* Identify the application:
> * either or both may be set */
> char app_label[SC_PKCS15_MAX_LABEL_SIZE];
> struct sc_object_id app_oid;
>
> struct sc_path path;
>
> struct sc_pkcs15_der data;
> };
> typedef struct sc_pkcs15_data_info sc_pkcs15_data_info_t;
>
> There is no member for "auth_id" or slot ID.
>
> On Sun 10 Mar 2013 07:13:32 PM ICT, Viktor Tarasov wrote:
>> Hello,
>>
>> A private DATA object, by definition, is protected by some AuthenticationObject (PIN).
>> The object's 'auth_id' has to reference this authObject.
>>
>> So, in your emulation layer, when creating a PKCS#15 DATA object,
>> you have to set its 'auth_id' to reference PIN2,
>> in the same manner as you do it for private key PKCS#15 objects:
>> https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-openpgp.c#L283
>>
>>
>>> I want to move it to slot 2, to be able to use PIN2 to read it. How can
>>> I do?
>>>
>>> (Other objects, KEY and CERT, are listed in slot 2:
>>> http://paste.ubuntu.com/5595074/)
>>
>> Kind regards,
>> Viktor.
>
> --
> Regards,
> Quân
>
> Y!IM: ng_hquan_vn
> GTalk: ng.hong.quan

--
Regards,
Quân

Y!IM: ng_hquan_vn
GTalk: ng.hong.quan
