On 02/10/2011 10:39 PM, Guy wrote: > Bob, > > Op 09-02-11 22:33, Robert Relyea schreef: >> On 02/09/2011 12:33 PM, Guy wrote: >>> Hi, >>> >>> I'm the one who started this thread but it got slightly derailed and >>> biased towards gentoo. >>> My systems are Opensuse 11.3 and Fedora14 and the problem I have is >>> that I do not get prompted for the PIN when issueing either >>> pkcs11_inspect or pkcs11_listcerts. I've never seen it work on either >>> of these systems. Pcsc_scan works though, it never complains. >> This seems to indicate a problem with the pkcs11 module (probably >> coolkey). Is the card you are using an actual CAC card, or one of >> ActiveCard's 'CAC-Like' (where they use the CAC applet, but issued >> through some other agency than DISA). > > It's not a card as such, it's a usb sim (appearance is that of a usb > memory stick) so I guess it's CAC-Like. > A lot of information can be found withing this thread where Lyall and > myself supply output of various commands. > I'm not qualified enough to give you the answer right away I' afraid. > >>> >>> My Opensuse 11.3 bears all the latest pcsc-lite, opensc, coolkey, etc >>> packages. The Fedora14 system is stock + all automatic updates. >>> I run these 2 systems on a Dell Lattitude D830 over the usb port >>> (opensuse on a usb disk, fedora on a usb memory stick). >>> I plugged the Fedorea usb stick into my home tower pc, with an Asus >>> mobo, but the results are the same, so it's not Dell specific. >>> >>> My home tower pc runs Opensuse 11.0 natively and there it just works >>> fine, I'm asked for the PIN and when supplied I get the certificates >>> listed. >>> The coolkey package, version 1.1.0-79.1, dates from June 2008. >> Thanks, this is helpful. How many certs does your card have? > > There's only one cert on it (this is an excerpt from my old working > Opensuse 11.0 distro) : > > DEBUG:pkcs11_lib.c:47: PIN = [xxxxxxxx] > DEBUG:pkcs11_lib.c:528: cert 0: found (Guy Zelck:CAC ID Certificate), > "E=guy.zelck@xxxxxx,CN=Guy Zelck,OU=VPN-WEB-H,OU=Employment Status - > Employees,O=Hewlett-Packard Company" > DEBUG:pkcs11_listcerts.c:112: Found '1' certificate(s) > DEBUG:pkcs11_listcerts.c:117: Certificate #1: > DEBUG:pkcs11_listcerts.c:119: - Subject: E=guy.zelck@xxxxxx,CN=Guy > Zelck,OU=VPN-WEB-H,OU=Employment Status - Employees,O=Hewlett-Packard > Company > DEBUG:pkcs11_listcerts.c:121: - Issuer: CN=Hewlett-Packard Primary > Class 2 Certification Authority,O=Hewlett-Packard Company,C=US,OU=IT > Infrastructure,O=hp.com > DEBUG:pkcs11_listcerts.c:123: - Algorithm: PKCS #1 RSA Encryption > DEBUG:cert_vfy.c:32: Verifying Cert: Guy Zelck:CAC ID Certificate > (E=guy.zelck@xxxxxx,CN=Guy Zelck,OU=VPN-WEB-H,OU=Employment Status - > Employees,O=Hewlett-Packard Company) > DEBUG:pkcs11_listcerts.c:147: releasing pkcs #11 module... > DEBUG:pkcs11_listcerts.c:150: Process completed OK, my guess is you are running into a bug in coolkey that expects 3 certs, not one. It was fixed at one point in time, but appears to have regressed. It would be good to add that info to the bug. bob > > > Gtz, > Guy.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel