[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit integration with smart card

> 31 aug 2006 kl. 23.12 skrev malexander@kcp.com:
>> Thanks for the response.  Complely new to these low level points  
>> with the Smart Card so I've been looking up some terms, I  
>> appreciate the advice.
>> I looked at the PKCS11-tool output first:
>> pkcs11-tool --module /usr/local/acgold/lib/libpkcs11.so  -M   
>> Supported mechanisms:
>>   RSA-PKCS, wrap, unwrap, other flags=0x20000
>>   SHA1-RSA-PKCS, sign, verify, wrap, unwrap, encrypt, decrypt,  
>> keypairgen, other flags=0x2d000
> This part is very strange.
> The SHA1-RSA-PKCS mechaism can only support sign and verify.
> Either the pkcs11 tool is broken and prints the wrong thing or the  
> card is pulling your leg.

So if you use hxtool from the snapshot that will be generated tonight  
you can see what heimdal thinks
about the pkcs11 module.


$ hxtool print --info PKCS11:/Users/lha/pkcs11/lib/soft-pkcs11.so
pkcs11 driver with 1 slot
slot 0: id: 1 name: SoftToken (slot) flags: 00000004
number of supported mechanisms: 3
   rsa-x-509(3) flags: (0x00062b01) unwrap, wrap, verify, sign,  
decrypt, encrypt, hw
   rsa-pkcs(1) flags: (0x00062b01) unwrap, wrap, verify, sign,  
decrypt, encrypt, hw
   sha1-rsa-pkcs(6) flags: (0x00002801) verify, sign, hw
cert: 0 (have private key)
     issuer:  "CN=Stockholm University CA,O=Stockholms universitet,C=SE"
     subject: "UID=lha,CN=Love Hornquist Astrand,O=Stockholm  
cert: 1
     issuer:  "CN=SwUPKI Policy CA,,O=Umea  
     subject: "CN=Stockholm University CA,O=Stockholms universitet,C=SE"
cert: 2
     issuer:  "CN=SwUPKI Policy CA,,O=Umea  
     subject: "CN=SwUPKI Policy CA,,O=Umea