Hi,
The "'tbsCertificate' not found" could mean that there is an empty
certificate file on the card (or one with zeros).
The sc_read_pubkey() function indicates something else, but this
function isn't in the current CVS HEAD (which version do you use)?
Could you perhaps try "pkcs15-tool -c -k", and then
"pkcs15-tool -r <certID>" for both certs on the card?
And perhaps "pkcs11-tool -t -l" to check the entire card?
About the "required access right not granted", did you enter your PIN
after the "ssh -I 0:46 user@server"?
Best regards,
Stef
Boris von Alten Blaskowitz wrote:
Hi,
My system:
I have a new problem with OpenSSH and eToken Pro.
My Card has 2 Private Keys and 2 Certs.
Key1(ID45) and Cert1 was generated with openssl-engine.
Key1(ID46) and Cert2 was generated with openssl and moved to the token
with pkcs15-init.
The command
ssh -I 0:45 user@serrver
causes:
asn1.c:1071:asn1_decode: mandatory ASN.1 object 'tbsCertificate' not found
asn1.c:1083:asn1_decode: returning with: Required ASN.1 object not found
pkcs15-cert.c:88:parse_x509_cert: ASN.1 parsing of certificate failed:
Required ASN.1 object not found
Certificate read faild: invalid ASN.1 object
sc_read_pubkey failed: Invalid ASN.1 object
What is this object?
Command:
ssh -I 0:46 user@server
causes:
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status
not satisfied
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status
not satisfied
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status
not satisfied
sec.c:53:sc_compute_signature: returning with: Security status not
satisfied
pkcs15-sec.c:285:sc_pkcs15_compute_signature: sc_compute_signature()
failed: Security status not satisfied
sc_pkcs15_compute_signature() failed: Security status not satisfied
ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0)
Is there anyone who has a clue what this means?
Thanks so far
Boris
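
Added example (not part of the original thread and not OpenSC code): a minimal structural check for the case suggested in the reply above, an empty or zero-filled certificate file, which lacks the outer Certificate SEQUENCE and the tbsCertificate SEQUENCE inside it. It assumes the input is the raw DER bytes of the certificate file; read_tlv, diagnose_cert and SKELETON are hypothetical names, and the sample inputs are constructed.

```python
# Added illustration; read_tlv and diagnose_cert are hypothetical names.
def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER TLV at off, or None."""
    if off + 2 > len(buf):
        return None
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            return None
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):           # value runs past the end of the file
        return None
    return tag, off, off + length


def diagnose_cert(data):
    """Classify raw DER certificate bytes by the outermost X.509 structure."""
    if len(data) == 0:
        return "empty file"
    if not any(data):
        return "zero-filled file"
    outer = read_tlv(data, 0)
    if outer is None:
        return "truncated or malformed DER"
    tag, start, end = outer
    if tag != 0x30:                       # Certificate ::= SEQUENCE
        return "outer Certificate SEQUENCE missing"
    inner = read_tlv(data[:end], start)   # first member must be tbsCertificate
    if inner is None or inner[0] != 0x30:
        return "tbsCertificate missing"
    return "Certificate and tbsCertificate headers present"


# Constructed skeleton: structurally shaped like a certificate, not a real one.
SKELETON = bytes.fromhex("300a" "3003020100" "3000" "030100")

if __name__ == "__main__":
    for name, blob in [("empty", b""), ("zeros", bytes(512)),
                       ("empty SEQUENCE", b"\x30\x00"), ("skeleton", SKELETON)]:
        print(f"{name:15} -> {diagnose_cert(blob)}")
```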