[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pkinit and OpenPGP Smartcard

Hi Folks,

does anybody have knowledge about the OpenPGP card working with heimdal 
and pkinit?

Currently im on it, but it won't really work.

I'm working on a Debian Sid with heimdal 1.0.1-2 from the Debian 
experimental repository.

here are my trys:

# gpg --card-status
gpg: detected reader `Omnikey Cardman 00 00'
Application ID ...: D27600012401010100010000092B0000
Version ..........: 1.1
Manufacturer .....: PPC Card Systems
Serial number ....: 0000092B
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 3 0
Signature counter : 6
Signature key ....: C985 7A18 A516 8530 89B3  36FE F0F9 0A57 F928 920B
      created ....: 2006-08-14 12:20:14
Encryption key....: DF17 92FC 7F17 F603 FB75  F2B1 B04C 2B32 EF4A D307
      created ....: 2006-08-14 12:20:24
Authentication key: 0559 17B8 CFDE C19A C663  EEE0 4DEE BC85 B891 7BA5
      created ....: 2006-08-14 12:20:23
General key info..: [none]

this is the status output of the OpenPGP card, everything seems fine.

# opensc-tool -l
Readers known about:
Nr.    Driver     Name
0      pcsc       Omnikey Cardman 00 00
1      openct     OpenCT reader (detached)
2      openct     OpenCT reader (detached)
3      openct     OpenCT reader (detached)
4      openct     OpenCT reader (detached)
5      openct     OpenCT reader (detached)

My Cardman4040 PCMCIA Reader is ok...

# /usr/heimdal/bin/hxtool print --info PKCS11:/usr/local/lib/soft-pkcs11.so
hxtool: hx509_certs_init: Failed to get pin code for slot id 1 with 
error: 569927

i want to some info from hxtool, i get this error...

# pkcs11-tool --module /usr/lib/libmusclepkcs11.so.0 --show-info
Cryptoki version 2.11
Manufacturer     SCHLUMBERGER
Library          SLB PKCS #11 module (ver 1.0)

# pkcs11-tool --module /usr/local/lib/soft-pkcs11.so --list-slots
Available slots:
Slot 1           SoftToken (slot)
  token label:   SoftToken (token)
  token manuf:   SoftToken (token)
  token model:   SoftToken (toke
  token flags:   login required, PIN initialized, token initialized
  serial num  :  4711

okay, here you can see pkcs11-tool finds a slot, so i think it should 

# /usr/heimdal/bin/kinit --pk-use-enckey -C 
PIN code for SoftToken (slot):
slot not in session

"slot not in session" what does this mean? and why pkcs11-tool and 
opensc-tool tell me that my card has a slot.

Sorry for dump questions... ;)