[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit with smartcard



How is the card configured, does the private key allow both  
encryption and signing ?

You can get more info about the existance of the private key and some  
certificate
by using.

hxtool print --info  PKCS11:/...

Love

11 dec 2006 kl. 19.53 skrev Olga Kornievskaia:

> after applying the patch i got:
> kinit: krb5_get_init_creds: Failed to unenvelope CMS data in PK- 
> INIT reply: No private key decrypted the transfer key; Failed to  
> decrypt with certificate issued by CN=CITI Production  
> KCA,O=University of Michigan,L=Ann Arbor,2.5.4.8=Michigan,C=US with  
> serial number 0107BA; Failed to decrypt using private key: -1
>
>
> Love Hörnquist Åstrand wrote:
>>
>> 11 dec 2006 kl. 19.17 skrev Olga Kornievskaia:
>>
>>> pkcs11 module release while session in use
>>
>> Ok, so I assume it failes signing or encryption. This should take  
>> way the abort
>> and show the real error
>>
>> http://people.su.se/~lha/patches/heimdal/hx509-fail-put.txt
>>
>> If this isn't the problem, please put a breakpoint in p11_get_session
>> to find where the last get_session occur before the abourt.
>>
>> Love
>>
>>
>>