On 5 Sep 2006 at 20:58, Love Hörnquist Åstrand wrote:

cert: 0 (have private key)
    issuer: "OU=CA,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"
    subject: "2.5.4.5=u60267+CN=Michael B. Alexander,OU=local,OU=person,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"
cert: 1 (have private key)
    issuer: "OU=CA,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"
    subject: "2.5.4.5=u60267+CN=Michael B. Alexander,OU=local,OU=person,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"
And here is the real problem: you have two cert/public key/private key triplets on the card, and the code that is supposed to select the signing certificate somehow fails to do the right thing. It chooses the encryption-only cert/key, and after that, everything goes bad.
I'll try to add certs like that to the regression tests.
I apparently already had those kinds of certificates, but just no support in hxtool to use them; pk-init should use them.
With the patch below you can test if the selection code works for your certificates.
$ for a in "" "-ke-only" "-ds-only" ; do ./hxtool query --digitalSig --print \
    FILE:$HOME/src/heimdal/lib/hx509/data/test$a.crt ; done
match found
    private key: no
    issuer: "C=SE,CN=hx509 Test Root CA"
    subject: "CN=Test cert,C=SE"
no match found (569873)
match found
    private key: no
    issuer: "C=SE,CN=hx509 Test Root CA"
    subject: "CN=Test cert DigitalSignature,C=SE"
Love
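
An added example, not part of the original message and not Heimdal/hx509 code: a sketch of the selection the message describes, picking a signing certificate by the digitalSignature bit of the X.509 keyUsage extension and skipping an encryption-only certificate. The struct, function names and DER byte strings are constructed for illustration, and treating a certificate with no keyUsage extension as usable for signing is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* KeyUsage bit 0 (digitalSignature) is the top bit of the first content octet. */
#define KU_DIGITAL_SIGNATURE 0x80u

/* Hypothetical, simplified view of one certificate on the card. */
struct card_cert {
    int            have_private_key;
    const uint8_t *ku_der;  /* DER value of keyUsage extension, NULL if absent */
    size_t         ku_len;
};

/* Decode a short-form DER BIT STRING; 0 on success, -1 if malformed. */
static int parse_key_usage(const uint8_t *der, size_t len, unsigned *bits)
{
    if (len < 3 || der[0] != 0x03 || der[2] > 7)  /* tag, unused-bit count */
        return -1;
    if (der[1] < 1 || der[1] > 0x7f || (size_t)der[1] + 2 != len)
        return -1;
    *bits = (der[1] >= 2) ? der[3] : 0;           /* empty string: no usages */
    return 0;
}

/* Return the index of the first certificate usable for signing, or -1. */
static int select_signing_cert(const struct card_cert *c, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned bits = 0;
        if (!c[i].have_private_key)
            continue;
        if (c[i].ku_der == NULL)        /* assumption: no keyUsage, no limit */
            return (int)i;
        if (parse_key_usage(c[i].ku_der, c[i].ku_len, &bits) == 0 &&
            (bits & KU_DIGITAL_SIGNATURE))
            return (int)i;              /* malformed or ke-only is skipped */
    }
    return -1;
}

/* Constructed sample: keyEncipherment-only cert first, signing cert second. */
static const uint8_t ke_only[] = { 0x03, 0x02, 0x05, 0x20 };
static const uint8_t ds_only[] = { 0x03, 0x02, 0x07, 0x80 };
static const struct card_cert card[] = {
    { 1, ke_only, sizeof ke_only },
    { 1, ds_only, sizeof ds_only },
};

int main(void) { printf("signing cert: %d\n", select_signing_cert(card, 2)); return 0; }
```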