|
osdir.com mailing list archive |
|
Subject: Re: Testing with pkcs#11 and aladdin - msg#00132List: encryption.opensc.develives steglich wrote: hi ppl, i did run some testing, see attached file but sometimes i run into problems like: CKR_ATTRIBUTE_TYPE_INVALID (0x12) any hints for me? no hints? well, the problem seems to be bug in OpenSC. OpenSC tries to get the length of private key via the CKA_MODULUS_BITS attribute which is, according to pkcs11 v2.20, only present in public keys => other pkcs11 libraries give an error when opensc tries to retrieve this attribute from a private key. Unfortunately requires the patch a little bit more work than I have expected ... perhaps I will have time next weekend (but I can guarantee nothing as I have other important items on my TODO list). Cheers, Nils Thread at a glance:
Previous Message by Date: click to view message previewRe: Testing with pkcs#11 and aladdinives steglich wrote: hi ppl, i did run some testing, see attached file but sometimes i run into problems like: CKR_ATTRIBUTE_TYPE_INVALID (0x12) any hints for me? no hints? greetings dalini Next Message by Date: click to view message previewRe: gpk security model--On Wednesday, November 10, 2004 21:26:30 +0100 Andreas Jellinghaus <aj@xxxxxxxxxxxxxxx> wrote: > if anyone knows the gemplus pk security model in detail: I'm not sure what you mean by "security model"... > currently we have an offset for every type (data, privkey, pubkey, cert, > ...) and add the key index to create the file. I wonder if there are any > low leven semantics we have to observe, of if we can simply change those > offsets. The offsets can be changed. The only restriction is that the ids of files containing private keys must be unique in the low 5 bits within a DF. Prior to the pkcs15-rewrite, the base file ids were: private key 0x0006 extractable key 0x7000 data object 0x5000 public key 0x8000 certificate 0x9000 At one point, Olaf suggested the following offsets: priv key 3010 extractable key 3100 data object 3200 public key 3300 certificate 3400 which seemed fine, but he didn't commit any changes before he stopped working on opensc. I first brought this up a year ago: <http://www.opensc.org/pipermail/opensc-devel/2003-November/002971.html> And mentioned it again when the call for "current issues" went out in april. <http://www.opensc.org/pipermail/opensc-devel/2004-April/003844.html> I also suggested the possibility of basing the fileid offset on something other than the object id (such as the slot number in the PrKDF/DODF/CDF that the object info is stored in, or some sort of internal counter), but nobody replied, and I don't really have time to write code for opensc anymore. p7sptD2lCUSwg.p7s Description: S/MIME cryptographic signature _______________________________________________ OpenSC-devel mailing list OpenSC-devel@xxxxxxxxxx http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel Previous Message by Thread: click to view message previewRe: Testing with pkcs#11 and aladdinives steglich wrote: hi ppl, i did run some testing, see attached file but sometimes i run into problems like: CKR_ATTRIBUTE_TYPE_INVALID (0x12) any hints for me? no hints? greetings dalini Next Message by Thread: click to view message previewRe: opensc-0.9.2, Kobil, TCOSNils Larsch wrote: ... Für einw pkcs15 Emulation ? Ja sollte reichen, ich kann ja mal etwas diesbzgl. hacken (wenn ich noch einige andere Sachen bzgl. des neuen Releases erledigt habe). ich wollte nur sagen das ich Dich nicht vergessen habe ;-) ich war leider in den letzten Tagen sehr beschäftigt. Tschau, Nils Loading Comments...
|
|
