read cert from smart card

On Thu, 2016-02-25 at 09:15 +0200, Mithat Bozkurt wrote:
> 
> I don't understand why I export cert to file. I think device should
> block this action because this is my e-signature cert.

No, the non-exportable part is the private key. The certificate is
public, and declares that anyone who can prove that they have that
private key, is whoever is identified as the subject of the
certificate.

If you go to secure web sites, you can inspect their *certificates* to
check who they are. That's kind of the point. What you can't get is
their matching private key.

And later...

On Thu, 2016-02-25 at 08:41 +0200, Mithat Bozkurt wrote:
> Do I need specify 'type=private' to say 'use my private cert for user
> cert'?

No, OpenConnect needs to use *both* the certificate and the
corresponding private key. It will append ';type=cert' or
';type=private' to the URI you give it, as appropriate. Note that it
still isn't *exporting* the private key; it's using it in-place.

TBH if OpenSC is supposed to drive this card, I really think you're
better off pursuing that approach rather than persisting with the
broken proprietary PKCS#11 token.

Can you try
    opensc-tool -l
    opensc-tool --atr
    opensc-tool --name

as described in the 'Debugging OpenSC' link I gave you?

-- 
dwmw2


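The ';type=cert' / ';type=private' selection described in the message above, as an added example that is not part of the original post and is not OpenConnect's own code. It follows the RFC 7512 URI layout; the helper name p11_uri_with_type and the sample token URI are assumptions made up for illustration.

```shell
#!/bin/sh
# Added illustration, not OpenConnect's code. Sets the RFC 7512 "type" path
# attribute on a PKCS#11 URI so one base URI can name the certificate object
# or the private-key object on the same token.

# p11_uri_with_type BASE_URI TYPE   (hypothetical helper name)
p11_uri_with_type() (
    uri=$1 type=$2 query="" out=""
    case $uri in pkcs11:*) ;; *) echo "not a PKCS#11 URI: $uri" >&2; exit 1 ;; esac
    case $type in cert|private) ;; *) echo "unsupported type: $type" >&2; exit 1 ;; esac

    path=${uri#pkcs11:}
    # Query attributes (after '?', e.g. pin-source) must stay after the path.
    case $path in
        *\?*) query="?${path#*\?}"; path=${path%%\?*} ;;
    esac

    # Rebuild the ';'-separated path, dropping any type= already present.
    set -f; IFS=';'
    for attr in $path; do
        case $attr in ""|type=*) continue ;; esac
        out="${out:+$out;}$attr"
    done
    printf 'pkcs11:%s%s\n' "${out:+$out;}type=$type" "$query"
)

# Constructed sample URI; token label and id are made up.
base='pkcs11:token=Example%20Card;id=%01'
p11_uri_with_type "$base" cert      # the public certificate object
p11_uri_with_type "$base" private   # the key, used in place on the card
```

Both URIs point at the same token; only the object class differs, which is why reading the certificate says nothing about whether the private key can leave the card.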
