25 Jan
2011
25 Jan
'11
9:04 p.m.
On 01/25/2011 08:15 PM, Lionel Elie Mamane wrote:
[...]
Indeed that works, thanks.
Actually, I had already tried this earlier, but it took so long that I
mistakenly believed it was hung...
... btw, is this long wait expected? I seem to understand that there is
some caching functionality, maybe for me this is off for some reason?
Another strange thing:
From what I
experimentally observed, pkcs11-tool does not load a
PKCS#11 module/middleware by
default, but does not clearly say so. You
need to tell it to load the OpenSC PKCS#11 module (or the Gemalto
binary-only one, if that's what you want), just like the Mozilla
applications. It is as stupid as that :)
Try adding "--module=/opensc/prefix/lib/opensc-pkcs11.so".
time /some/place/bin/pkcs11-tool --slot 1
--module=/some/place/lib/opensc-pkcs11.so -t -l
Logging in to "GemP15-1 (User
PIN)".
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
ERR: C_GenerateRandom failed: CKR_GENERAL_ERROR (0x5)
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only RSA signatures)
testing key 0 (User Cert Sig )
error: PKCS11 function C_SignFinal failed: rv = CKR_USER_NOT_LOGGED_IN (0x101)
Aborting.
/some/place/bin/pkcs11-tool --slot 1 --module=/some/place/lib/opensc-pkcs11.s 0.01s user
0.04s system 0% cpu 24.305 total
Why does it say CKR_USER_NOT_LOGGED_IN? My pin was correct;
indeed, for an incorrect pin I get this:
time /some/place/bin/pkcs11-tool --slot 1
--module=/some/place/lib/opensc-pkcs11.so -t -l
Logging in to "GemP15-1 (User
PIN)".
Please enter User PIN:
error: PKCS11 function C_Login failed: rv = CKR_PIN_INCORRECT (0xa0)
Aborting.
/some/place/bin/pkcs11-tool --slot 1 --module=/some/place/lib/opensc-pkcs11.s 0.01s user
0.04s system 0% cpu 18.292 total
Alain