read cert from smart card

Mithat Bozkurt mithatbozkurt at gmail.com
Wed Feb 24 04:06:23 PST 2016 

Tubitak haven't return back yet. but i think no need this. because
after install opensc from ubuntu software center and run following
command i can see


mithat at adige:~$ pkcs11-tool --module /usr/lib/libakisp11.so -O -l

Using slot 0 with a present token (0x1)
Logging in to "Akis".
Please enter User PIN:
Public Key Object; RSA 2048 bits
  label:      62917107586NES0
  ID:         009020159e08d3abe24bd1a0742328c28b0c1104
  Usage:      verify
Public Key Object; RSA 2048 bits
  label:      62917107586SIGN0
  ID:         fd900c3bc420b0b439f71efa02efdf4550918fc4
  Usage:      verify
Certificate Object, type = X.509 cert
  label:      62917107586SIGN0
  ID:         fd900c3bc420b0b439f71efa02efdf4550918fc4
Certificate Object, type = X.509 cert
  label:      62917107586NES0
  ID:         009020159e08d3abe24bd1a0742328c28b0c1104
Private Key Object; RSA
  label:      62917107586NES0
  ID:         009020159e08d3abe24bd1a0742328c28b0c1104
  Usage:      sign
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE)
failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
  label:      62917107586SIGN0
  ID:         fd900c3bc420b0b439f71efa02efdf4550918fc4
  Usage:      sign
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE)
failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)


With this config it seems ok
mithat at adige:/etc/pkcs11/modules$ more akis.module
module: /usr/lib/libakisp11.so
#module: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
managed: no

mithat at adige:/etc/pkcs11/modules$ p11tool --list-tokens
p11-kit: the 'log-calls' option for module 'akis' is only supported
for managed modules
....//trimmed
Token 1:
URL: pkcs11:model=AKIS%20V1.2%00%00%00%00%00%00%00;manufacturer=TUBITAK-UEKAE%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00;serial=0036218D34081A32;token=Akis%00A%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff%ff
Label: Akis
Type: Hardware token, Trust module
Manufacturer: TUBITAK-UEKAE
Model: AKIS V1.2
Serial: 0036218D34081A32
.....//trimmed

But this time i cant read cert

I don't know what i should  do :(

Mithat Bozkurt

24 Şub 2016 11:11 tarihinde "David Woodhouse" <dwmw2 at infradead.org> yazdı:
>
> On Sun, 2016-02-21 at 23:06 +0000, David Woodhouse wrote:
> >
> > OpenSC didn't find the device.
> >
> > https://github.com/OpenSC/OpenSC/wiki/Debugging-OpenSC-and-reporting-bugs
>
> Did you make any progress with this? Or with establishing why your
> proprietary PKCS#11 module doesn't work when invoked with a NULL
> argument to C_Initialize()?
>
> --
> dwmw2
>

More information about the openconnect-devel mailing list