read cert from smart card
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Thu Feb 25 00:03:51 PST 2016
On Thu, Feb 25, 2016 at 8:15 AM, Mithat Bozkurt <mithatbozkurt at gmail.com> wrote:
> mithat at adige:~$ p11tool -v
> p11tool 3.3.15
> Copyright (C) 2000-2015 Free Software Foundation, and others, all
> rights reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>
> mithat at adige:~$ p11tool -d 4 --export
> 'pkcs11:serial=0036218D34081A32;object=62917107586NES0;type=cert'
> Setting log level to 4
> |<2>| p11: Initializing module: p11-kit-trust
> |<2>| p11: Initializing module: akis
> |<2>| p11: Initializing module: gnome-keyring
> |<3>| ASSERT: pkcs11.c:503
> |<2>| Initializing PKCS #11 modules
> |<2>| p11: Skipped object, missing attrs.
> |<3>| ASSERT: pkcs11.c:1758
> |<3>| ASSERT: pkcs11.c:1685
> |<3>| ASSERT: pkcs11.c:1824
> Error in pkcs11_export:257: The requested data were not available.
> I don't understand why I export cert to file. I think device should
> block this action because this is my e-signature cert.
If the certificate is not exportable then you cannot use it for
openconnect or any other application (note that this is the
'certificate' which has public parameters, not the private key). Have
you tried adding --login to the export command line?
regards,
Nikos
More information about the openconnect-devel
mailing list