[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pkinit and OpenPGP Smartcard

To: heimdal-discuss@sics.se
Subject: pkinit and OpenPGP Smartcard
From: Christian Wore <cwore@web.de>
Date: Mon, 01 Oct 2007 14:45:07 +0200
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, Christian Wore <cwore@web.de>
User-Agent: Icedove 1.5.0.12 (X11/20070607)

Hi Folks,

does anybody have knowledge about the OpenPGP card working with heimdal 
and pkinit?

Currently im on it, but it won't really work.

I'm working on a Debian Sid with heimdal 1.0.1-2 from the Debian 
experimental repository.

here are my trys:

# gpg --card-status
gpg: detected reader `Omnikey Cardman 00 00'
Application ID ...: D27600012401010100010000092B0000
Version ..........: 1.1
Manufacturer .....: PPC Card Systems
Serial number ....: 0000092B
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 254 254 254
PIN retry counter : 3 3 0
Signature counter : 6
Signature key ....: C985 7A18 A516 8530 89B3  36FE F0F9 0A57 F928 920B
      created ....: 2006-08-14 12:20:14
Encryption key....: DF17 92FC 7F17 F603 FB75  F2B1 B04C 2B32 EF4A D307
      created ....: 2006-08-14 12:20:24
Authentication key: 0559 17B8 CFDE C19A C663  EEE0 4DEE BC85 B891 7BA5
      created ....: 2006-08-14 12:20:23
General key info..: [none]

this is the status output of the OpenPGP card, everything seems fine.

# opensc-tool -l
Readers known about:
Nr.    Driver     Name
0      pcsc       Omnikey Cardman 00 00
1      openct     OpenCT reader (detached)
2      openct     OpenCT reader (detached)
3      openct     OpenCT reader (detached)
4      openct     OpenCT reader (detached)
5      openct     OpenCT reader (detached)


My Cardman4040 PCMCIA Reader is ok...

# /usr/heimdal/bin/hxtool print --info PKCS11:/usr/local/lib/soft-pkcs11.so
hxtool: hx509_certs_init: Failed to get pin code for slot id 1 with 
error: 569927

i want to some info from hxtool, i get this error...


# pkcs11-tool --module /usr/lib/libmusclepkcs11.so.0 --show-info
Cryptoki version 2.11
Manufacturer     SCHLUMBERGER
Library          SLB PKCS #11 module (ver 1.0)


# pkcs11-tool --module /usr/local/lib/soft-pkcs11.so --list-slots
Available slots:
Slot 1           SoftToken (slot)
  token label:   SoftToken (token)
  token manuf:   SoftToken (token)
  token model:   SoftToken (toke
  token flags:   login required, PIN initialized, token initialized
  serial num  :  4711


okay, here you can see pkcs11-tool finds a slot, so i think it should 
work..or?



# /usr/heimdal/bin/kinit --pk-use-enckey -C 
PKCS11:/usr/local/lib/soft-pkcs11.so
PIN code for SoftToken (slot):
slot not in session
Abgebrochen

"slot not in session" what does this mean? and why pkcs11-tool and 
opensc-tool tell me that my card has a slot.

Sorry for dump questions... ;)

Christian

Follow-Ups:
- Re: pkinit and OpenPGP Smartcard
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: GSSAPI Key Exchange Patch for OpenSSH 4.7p1
Next by Date: Re: pkinit and OpenPGP Smartcard
Prev by thread: Re: GSSAPI Key Exchange Patch for OpenSSH 4.7p1
Next by thread: Re: pkinit and OpenPGP Smartcard
Index(es):
- Date
- Thread