I ran the hxtool (thanks for adding
that), but didn't see the results as in Love's output. I'll give
it the old college try to see if I can debug more with the ActivIdentity
P11 module.
$ hxtool print --info PKCS11:/usr/local/acgold/lib/libpkcs11.so hxtool: hx509_certs_init: Failed to get session PKCS11
slot 0
In the output from pkcstool listing
the objects I lots of warnings, and other unknown output:
malexander@kcp.com, "Douglas E.
Engert" <deengert@anl.gov>, heimdal-discuss@sics.se
Subject
Re: pkinit integration with smart card
> 31 aug 2006 kl. 23.12 skrev malexander@kcp.com:
>
>> Thanks for the response. Complely new to these low level
points
>> with the Smart Card so I've been looking up some terms, I
>> appreciate the advice.
>>
>> I looked at the PKCS11-tool output first:
>> pkcs11-tool --module /usr/local/acgold/lib/libpkcs11.so -M
>> Supported mechanisms:
>> RSA-PKCS, wrap, unwrap, other flags=0x20000
>> SHA1-RSA-PKCS, sign, verify, wrap, unwrap, encrypt, decrypt,
>> keypairgen, other flags=0x2d000
>
> This part is very strange.
>
> The SHA1-RSA-PKCS mechaism can only support sign and verify.
> Either the pkcs11 tool is broken and prints the wrong thing or the
> card is pulling your leg.
So if you use hxtool from the snapshot that will be generated tonight
you can see what heimdal thinks
about the pkcs11 module.