[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pkinit/opensc/soft-pkcs11

To: heimdal-discuss@sics.se
Subject: pkinit/opensc/soft-pkcs11
From: "Matthew N. Andrews" <matt@slackers.net>
Date: Tue, 04 Oct 2005 18:17:45 -0700
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050716)

so after wrestling with a mass of linking problems I seem to finally 
have openssl, heimdal, opensc, and soft-pkcs11 all built with debugging 
and without optimization(YAY!). now however I'm still having some 
trouble getting it all to work.

when I run "kinit -C 
ENGINE:ENGINE=dynamic,PRE=SO_PATH:/opt/opensc-0.9.6/lib/opensc/engine_pkcs11.so,PRE=ID:pkcs11,PRE=LIST_ADD:1,PRE=LOAD,PRE=MODULE_PATH:/usr/local/lib/soft-pkcs11.so,CERT=/tmp/x509up_u31765,KEY=slot_0 
ma3d"

I get the following error:
kinit: krb5_get_init_creds: Can't decrypt key: error:2A008404:PKCS11 
library:PKCS11_rsa_decrypt:Not supported

now this seems to be a case of openssl trying to use the engine that was 
loaded to decrypt something which soft-pkcs11 does not do. Is this 
supposed to fail in this way?

Love, I notice that you have this error on your pkinit for heimdal page. 
Is it currently possible to use soft-pkcs11 with heimdal pkinit?

Just fyi I'm using heimdal-20050927, opensc-0.9.6, openssl-0.9.8, and 
soft-pkcs11-1.3.

(I could have sworn I saw this work once, but then again I might just be 
completely halucinating after spending 3 out of the last four days on 
this stuff.)

-Matt

Follow-Ups:
- Re: pkinit/opensc/soft-pkcs11
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: pkinit/opensc/soft-pkcs11
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: linking heimdal to an openssl library other than the one in thedefault search path.
Next by Date: Re: pkinit/opensc/soft-pkcs11
Prev by thread: please respond.
Next by thread: Re: pkinit/opensc/soft-pkcs11
Index(es):
- Date
- Thread