[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pkinit with smartcard
Love Hörnquist Åstrand wrote:
> How is the card configured, does the private key allow both encryption
> and signing ?
well, i don't know much about smartcards part of it but i've been told
that the keys on the card show work for both signing and encrypting.
> You can get more info about the existance of the private key and some
> by using.
> hxtool print --info PKCS11:/...
/usr/heimdal/bin/hxtool print --info
hxtool: hx509_certs_init: Failed to get pin code for slot id 1 with
> 11 dec 2006 kl. 19.53 skrev Olga Kornievskaia:
>> after applying the patch i got:
>> kinit: krb5_get_init_creds: Failed to unenvelope CMS data in PK-INIT
>> reply: No private key decrypted the transfer key; Failed to decrypt
>> with certificate issued by CN=CITI Production KCA,O=University of
>> Michigan,L=Ann Arbor,220.127.116.11=Michigan,C=US with serial number 0107BA;
>> Failed to decrypt using private key: -1
>> Love Hörnquist Åstrand wrote:
>>> 11 dec 2006 kl. 19.17 skrev Olga Kornievskaia:
>>>> pkcs11 module release while session in use
>>> Ok, so I assume it failes signing or encryption. This should take
>>> way the abort
>>> and show the real error
>>> If this isn't the problem, please put a breakpoint in p11_get_session
>>> to find where the last get_session occur before the abourt.