[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit with smartcard

To: Love Hörnquist Åstrand <lha@kth.se>
Subject: Re: pkinit with smartcard
From: Olga Kornievskaia <aglo@citi.umich.edu>
Date: Mon, 11 Dec 2006 16:15:24 -0500
Cc: heimdal-discuss@sics.se
In-Reply-To: <BD6AC5F4-00EE-4B86-A1D9-9E2E29B73FBD@kth.se>
References: <457A1780.1060403@citi.umich.edu> <5D26DA27-544D-476D-98D8-00F3F678007C@kth.se> <457CEAF6.9090804@citi.umich.edu> <F198E282-26B1-47AD-B54C-10981CC7195F@kth.se> <457DA0C7.3080009@citi.umich.edu> <621376BC-EDEE-4CA1-89C8-AE1A0FFBCDB1@kth.se> <457DA940.7070501@citi.umich.edu> <BD6AC5F4-00EE-4B86-A1D9-9E2E29B73FBD@kth.se>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Thunderbird 1.5.0.8 (X11/20061107)



Love Hörnquist Åstrand wrote:
> How is the card configured, does the private key allow both encryption 
> and signing ?
well, i don't know much about smartcards part of it but i've been told 
that the keys on the card show work for both signing and encrypting.
> You can get more info about the existance of the private key and some 
> certificate
> by using.
>
> hxtool print --info  PKCS11:/...
i get:
/usr/heimdal/bin/hxtool print --info 
PKCS11:/usr/local/acgold/lib/libpkcs11.so
hxtool: hx509_certs_init: Failed to get pin code for slot id 1 with 
error: 569927

> Love
>
> 11 dec 2006 kl. 19.53 skrev Olga Kornievskaia:
>
>> after applying the patch i got:
>> kinit: krb5_get_init_creds: Failed to unenvelope CMS data in PK-INIT 
>> reply: No private key decrypted the transfer key; Failed to decrypt 
>> with certificate issued by CN=CITI Production KCA,O=University of 
>> Michigan,L=Ann Arbor,2.5.4.8=Michigan,C=US with serial number 0107BA; 
>> Failed to decrypt using private key: -1
>>
>>
>> Love Hörnquist Åstrand wrote:
>>>
>>> 11 dec 2006 kl. 19.17 skrev Olga Kornievskaia:
>>>
>>>> pkcs11 module release while session in use
>>>
>>> Ok, so I assume it failes signing or encryption. This should take 
>>> way the abort
>>> and show the real error
>>>
>>> http://people.su.se/~lha/patches/heimdal/hx509-fail-put.txt
>>>
>>> If this isn't the problem, please put a breakpoint in p11_get_session
>>> to find where the last get_session occur before the abourt.
>>>
>>> Love
>>>
>>>
>>>
>
>
>

Follow-Ups:
- Re: pkinit with smartcard
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: pkinit with smartcard
  - From: "Douglas E. Engert" <deengert@anl.gov>

References:
- pkinit with smartcard
  - From: Olga Kornievskaia <aglo@citi.umich.edu>
- Re: pkinit with smartcard
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: pkinit with smartcard
  - From: Olga Kornievskaia <aglo@citi.umich.edu>
- Re: pkinit with smartcard
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: pkinit with smartcard
  - From: Olga Kornievskaia <aglo@citi.umich.edu>
- Re: pkinit with smartcard
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: pkinit with smartcard
  - From: Olga Kornievskaia <aglo@citi.umich.edu>
- Re: pkinit with smartcard
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: pkinit with smartcard
Next by Date: Cannot contact any KDC for requested realm
Prev by thread: Re: pkinit with smartcard
Next by thread: Re: pkinit with smartcard
Index(es):
- Date
- Thread