[Spice-devel] smartcard usage

william kc at cobradevil.org
Wed Mar 2 02:31:27 PST 2011 

On 03/02/2011 11:08 AM, william wrote:
>
> Well maybe i need to be more carefull at what i say about working :)
>
> I can get the certificates but when i try to use the certs to login 
> with pkinit i get a device error when trying to sign the 
> pkinit_as_req_create
>
> kerberos debug says:
> found 1 private keys (ok)
> C_sign: device error
> failed to create pkcs7 signed data
>
> It works on the client itself with the same config except the 
> libaetpkss.so and the libcoolkeypk11.so
>
> Could it be that the aet middleware libaetpkss is not fully compliant 
> or something with the virtual smartcard?
>
>
> William
Probably it has todo something with the following error when using 
pkcs11-tool --module /usr/lib/pkcs11/libcoolkeypk11.so -O -l

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = 
CKR_ATTRIBUTE_TYPE_INVALID (0x12)

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = 
CKR_ATTRIBUTE_TYPE_INVALID (0x12)

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv = 
CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
   label:      CAC ID Certificate
   ID:         0001
   Usage:      sign
Public Key Object; RSA 0 bits
   label:      CAC ID Certificate
   ID:         0001
   Usage:      verify
Certificate Object, type = X.509 cert
   label:      CAC ID Certificate
   ID:         0001
Private Key Object; RSA
   label:      CAC Email Signature Certificate
   ID:         0002
   Usage:      sign
Public Key Object; RSA 0 bits
   label:      CAC Email Signature Certificate
   ID:         0002
   Usage:      verify
Certificate Object, type = X.509 cert
   label:      CAC Email Signature Certificate
   ID:         0002
Private Key Object; RSA
   label:      CAC Email Encryption Certificate
   ID:         0003
   Usage:      decrypt
Public Key Object; RSA 0 bits
   label:      CAC Email Encryption Certificate
   ID:         0003
   Usage:      encrypt
Certificate Object, type = X.509 cert
   label:      CAC Email Encryption Certificate
   ID:         0003

>
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
>

More information about the Spice-devel mailing list