Re: pkinit integration with smart card

[Love Hörnquist Åstrand <lha@kth.se>]

> 31 aug 2006 kl. 23.12 skrev malexander@kcp.com:
>
>> Thanks for the response.  Complely new to these low level points  
>> with the Smart Card so I've been looking up some terms, I  
>> appreciate the advice.
>>
>> I looked at the PKCS11-tool output first:
>> pkcs11-tool --module /usr/local/acgold/lib/libpkcs11.so  -M   
>> Supported mechanisms:
>>   RSA-PKCS, wrap, unwrap, other flags=0x20000
>>   SHA1-RSA-PKCS, sign, verify, wrap, unwrap, encrypt, decrypt,  
>> keypairgen, other flags=0x2d000
>
> This part is very strange.
>
> The SHA1-RSA-PKCS mechaism can only support sign and verify.
> Either the pkcs11 tool is broken and prints the wrong thing or the  
> card is pulling your leg.


So if you use hxtool from the snapshot that will be generated tonight  
you can see what heimdal thinks
about the pkcs11 module.

Love

$ hxtool print --info PKCS11:/Users/lha/pkcs11/lib/soft-pkcs11.so
pkcs11 driver with 1 slot
slot 0: id: 1 name: SoftToken (slot) flags: 00000004
number of supported mechanisms: 3
   rsa-x-509(3) flags: (0x00062b01) unwrap, wrap, verify, sign,  
decrypt, encrypt, hw
   rsa-pkcs(1) flags: (0x00062b01) unwrap, wrap, verify, sign,  
decrypt, encrypt, hw
   sha1-rsa-pkcs(6) flags: (0x00002801) verify, sign, hw
cert: 0 (have private key)
     issuer:  "CN=Stockholm University CA,O=Stockholms universitet,C=SE"
     subject: "UID=lha,CN=Love Hornquist Astrand,O=Stockholm  
universitet,C=SE"
cert: 1
     issuer:  "CN=SwUPKI Policy CA,2.5.4.11=SwUPKI-PCA,O=Umea  
University,C=SE"
     subject: "CN=Stockholm University CA,O=Stockholms universitet,C=SE"
cert: 2
     issuer:  "CN=SwUPKI Policy CA,2.5.4.11=SwUPKI-PCA,O=Umea  
University,C=SE"
     subject: "CN=SwUPKI Policy CA,2.5.4.11=SwUPKI-PCA,O=Umea  
University,C=SE"