read cert from smart card

Mithat Bozkurt mithatbozkurt at gmail.com
Sun Feb 21 14:39:02 PST 2016


I still have the same error on the p11-kit command, even though I removed /etc/pkcs11
and rebooted. I don't understand why I see this output:

C_Initialize
  IN: pInitArgs = NULL
C_Initialize = CKR_ARGUMENTS_BAD

So I recreated that directory and akis.module and changed the module path
as below. Is it OK now?

#AKIS
#module: /usr/lib/libakisp11.so
module: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
managed: yes
trust-policy: yes
log-calls: yes


After this, the output of the p11-kit command is as below:

mithat@adige:/etc/pkcs11/modules$ p11-kit list-modules
C_Initialize
  IN: pInitArgs = NULL
C_Initialize = CKR_OK
p11-kit-trust: p11-kit-trust.so
    library-description: PKCS#11 Kit Trust Module
    library-manufacturer: PKCS#11 Kit
    library-version: 0.23
    token: System Trust
        manufacturer: PKCS#11 Kit
        model: p11-kit-trust
        serial-number: 1
        hardware-version: 0.23
        flags:
               write-protected
               token-initialized
akis: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
C_GetInfo
 OUT: pInfo = {
cryptokiVersion: 2.20
manufacturerID: "OpenSC (www.opensc-project.org)"
flags: 0
libraryDescription: "Smart card PKCS#11 API"
libraryVersion: 0.0
      }
C_GetInfo = CKR_OK
    library-description: Smart card PKCS#11 API
    library-manufacturer: OpenSC (www.opensc-project.org)
    library-version: 0.0
C_GetSlotList
  IN: tokenPresent = CK_TRUE
  IN: pulCount = 0x7FFF1CE07958 = 256
 OUT: pSlotList = (0) [  ]
C_GetSlotList = CKR_OK
gnome-keyring: gnome-keyring-pkcs11.so
    library-description: GNOME Keyring Daemon Core
    library-manufacturer: GNOME Keyring
    library-version: 1.1
    token: SSH Keys
        manufacturer: Gnome Keyring
        model: 1.0
        serial-number: 1:SSH:HOME
        flags:
               write-protected
               user-pin-initialized
               protected-authentication-path
               token-initialized
    token: Secret Store
        manufacturer: Gnome Keyring
        model: 1.0
        serial-number: 1:SECRET:MAIN
        flags:
               login-required
               user-pin-initialized
               protected-authentication-path
               token-initialized
    token: Gnome2 Key Storage
        manufacturer: Gnome Keyring
        model: 1.0
        serial-number: 1:USER:DEFAULT
        flags:
               login-required
               user-pin-initialized
               protected-authentication-path
               token-initialized
    token: User Key Storage
        manufacturer: Gnome Keyring
        model: 1.0
        serial-number: 1:XDG:DEFAULT
        flags:
               protected-authentication-path
               token-initialized
C_Finalize
  IN: pReserved = NULL
C_Finalize = CKR_OK


By the way, I ran that command in verbose mode; after that it still prints
verbose output without the -v parameter.


2016-02-21 23:09 GMT+02:00 Mithat Bozkurt <mithatbozkurt at gmail.com>:
> I think opensc version 0.15.0 includes AKIS. You can see akis driver info.
>
> mithat@adige:~$ opensc-tool -D
> Configured card drivers:
>   cardos           Siemens CardOS
>   flex             Schlumberger Multiflex/Cryptoflex
>   cyberflex        Schlumberger Cyberflex
>   gpk              Gemplus GPK
>   gemsafeV1        driver for the Gemplus GemSAFE V1 applet
>   miocos           MioCOS 1.1
>   asepcos          Athena ASEPCOS
>   starcos          STARCOS SPK 2.3/2.4
>   tcos             TCOS 3.0
>   openpgp          OpenPGP card
>   jcop             JCOP cards with BlueZ PKCS#15 applet
>   oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
>   authentic        Oberthur AuthentIC v3.1
>   iasecc           IAS-ECC
>   belpic           Belpic cards
>   ias              IAS
>   incrypto34       Incard Incripto34
>   acos5            ACS ACOS5 card
>   akis             TUBITAK UEKAE AKIS
>   entersafe        entersafe
>   epass2003        epass2003
>   rutoken          Rutoken driver
>   rutoken_ecp      Rutoken ECP driver
>   westcos          WESTCOS compatible cards
>   myeid            MyEID cards with PKCS#15 applet
>   sc-hsm           SmartCard-HSM
>   dnie             DNIe: Spanish eID card
>   MaskTech         MaskTech Smart Card
>   mcrd             MICARDO 2.1 / EstEID 1.0 - 3.0
>   setcos           Setec cards
>   muscle           MuscleApplet
>   atrust-acos      A-Trust ACOS cards
>   piv              PIV-II  for multiple cards
>   itacns           Italian CNS
>   isoApplet        Javacard with IsoApplet
>   default          Default driver for unknown cards
>
>
> 2016-02-21 22:51 GMT+02:00 Mithat Bozkurt <mithatbozkurt at gmail.com>:
>> https://github.com/OpenSC/OpenSC/wiki/AKiS-cards says that "It is also
>> only available in OpenSC svn /trunk/ and not included in any OpenSC
>> release yet."
>>
>> On the other hand, maybe the site is not up to date, since the site doesn't
>> mention new features of AKIS such as SHA-256 and Common Criteria (CC) EAL5+. I
>> asked TUBITAK about this.
>>
>> Thank you.
>>
>> 2016-02-21 22:03 GMT+02:00 David Woodhouse <dwmw2 at infradead.org>:
>>> On Sun, 2016-02-21 at 21:53 +0200, Mithat Bozkurt wrote:
>>>> I installed opensc from the Ubuntu Software Center. Do I need to do
>>>> anything additional?
>>>
>>> I don't know. I don't know if Ubuntu packages OpenSC correctly. Does it
>>> show up when you run 'p11-kit --list-tokens'?
>>>
>>> I would expect it to work in Fedora, but that's not *necessarily* a
>>> helpful comment.
>>>
>>> --
>>> dwmw2
>>>
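
The listing in the message above mixes `p11-kit list-modules` output with the `log-calls: yes` trace, which makes it easy to miss that the akis module loaded but reported zero slots with a token present. The following is an added example, not code from the thread or from p11-kit or OpenSC: it parses such a listing and reports modules that list no token, plus any PKCS#11 call that did not return CKR_OK. The function names are hypothetical and the sample input is constructed by abridging the listing above.

```python
import re

# Constructed sample, abridged from the listing in the post above.
SAMPLE = """\
C_Initialize
  IN: pInitArgs = NULL
C_Initialize = CKR_OK
p11-kit-trust: p11-kit-trust.so
    token: System Trust
akis: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
C_GetInfo
 OUT: pInfo = {
flags: 0
      }
C_GetInfo = CKR_OK
    library-description: Smart card PKCS#11 API
C_GetSlotList
  IN: tokenPresent = CK_TRUE
 OUT: pSlotList = (0) [  ]
C_GetSlotList = CKR_OK
gnome-keyring: gnome-keyring-pkcs11.so
    token: SSH Keys
    token: Secret Store
C_Finalize = CKR_OK
"""

MODULE = re.compile(r"^([\w.-]+): (\S+\.so)$")         # "name: path.so" at column 0
TOKEN = re.compile(r"^\s+token: (.+)$")                # indented token entry
SLOTS = re.compile(r"^\s*OUT: pSlotList = \((\d+)\)")  # slot count from the trace
RESULT = re.compile(r"^(C_\w+) = (CKR_\w+)$")          # return code from the trace

def parse_modules(text):
    """Return (modules, failures); hypothetical helper for this example."""
    modules, failures, current = [], [], None
    for line in text.splitlines():
        if m := MODULE.match(line):
            current = {"name": m[1], "path": m[2], "tokens": [], "slots": None}
            modules.append(current)
        elif current and (m := TOKEN.match(line)):
            current["tokens"].append(m[1])
        elif current and (m := SLOTS.match(line)):
            current["slots"] = int(m[1])
        elif (m := RESULT.match(line)) and m[2] != "CKR_OK":
            failures.append((m[1], m[2]))  # e.g. CKR_ARGUMENTS_BAD
    return modules, failures

def modules_without_tokens(text):
    """Names of modules that loaded but listed no token."""
    return [m["name"] for m in parse_modules(text)[0] if not m["tokens"]]
```

A module that appears here with `slots == 0` initialized correctly but found no card, which points at the reader, pcscd or card driver rather than at the p11-kit module file.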



More information about the openconnect-devel mailing list