[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit with smartcard

How is the card configured, does the private key allow both  
encryption and signing ?

You can get more info about the existance of the private key and some  
by using.

hxtool print --info  PKCS11:/...


11 dec 2006 kl. 19.53 skrev Olga Kornievskaia:

> after applying the patch i got:
> kinit: krb5_get_init_creds: Failed to unenvelope CMS data in PK- 
> INIT reply: No private key decrypted the transfer key; Failed to  
> decrypt with certificate issued by CN=CITI Production  
> KCA,O=University of Michigan,L=Ann Arbor,,C=US with  
> serial number 0107BA; Failed to decrypt using private key: -1
> Love Hörnquist Åstrand wrote:
>> 11 dec 2006 kl. 19.17 skrev Olga Kornievskaia:
>>> pkcs11 module release while session in use
>> Ok, so I assume it failes signing or encryption. This should take  
>> way the abort
>> and show the real error
>> http://people.su.se/~lha/patches/heimdal/hx509-fail-put.txt
>> If this isn't the problem, please put a breakpoint in p11_get_session
>> to find where the last get_session occur before the abourt.
>> Love