[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit/opensc/soft-pkcs11

To: heimdal-discuss@sics.se
Subject: Re: pkinit/opensc/soft-pkcs11
From: Matthew Andrews <matt@slackers.net>
Date: Wed, 05 Oct 2005 08:38:12 -0700
In-Reply-To: <m2hdbwdp0y.fsf@dhcp-wavelan-v-222.publik.su.se>
Organization: The Slackers' Network
References: <434329B9.9090401@slackers.net> <m2hdbwdp0y.fsf@dhcp-wavelan-v-222.publik.su.se>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mozilla Thunderbird 1.0.6-1.1.fc3 (X11/20050720)

Love Hörnquist Åstrand wrote:

>"Matthew N. Andrews" <matt@slackers.net> writes:
>
>  
>
>>I get the following error:
>>kinit: krb5_get_init_creds: Can't decrypt key: error:2A008404:PKCS11
>>library:PKCS11_rsa_decrypt:Not supported
>>    
>>
>
>Isn't this because its not supported in the opensc pkcs11 engine ?
>
>Try using DH instead (kinit --pkinit-use-dh), that will only work with
>current Heimdal.
>
>Love
>
>  
>
Yes, I believe that the "Not Supported" error is orriginating in 
soft-pkcs11. I was just trying to figure out how you would succesfully 
use soft-pkcs11 with kinit if this was the case. is there a way to get 
openssl to use the engine only for certain operations?

thanks for the note aout --pkinit-use-dh, I'll try that out for now.

-Matt Andrews

Follow-Ups:
- Re: pkinit/opensc/soft-pkcs11
  - From: Love Hörnquist Åstrand <lha@kth.se>

References:
- pkinit/opensc/soft-pkcs11
  - From: "Matthew N. Andrews" <matt@slackers.net>
- Re: pkinit/opensc/soft-pkcs11
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: pkinit/opensc/soft-pkcs11
Next by Date: Re: Pre-Expired Passwords
Prev by thread: Re: pkinit/opensc/soft-pkcs11
Next by thread: Re: pkinit/opensc/soft-pkcs11
Index(es):
- Date
- Thread