EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SmartCard PKCS11 access error using demos apps

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#9712
Posted: 04/16/2009 08:26:48
by Pierre Costa (Basic support level)
Joined: 04/16/2009
Posts: 3

Hi,

I am trying to access certificates located into French medical SmartCard (the doctor's one that own signature and authentication certificates, protected by PIN code). I want to get to make SSL connection using the authent certificate protected by a PIN code.

I am looking for the right product and actually found SecureBlackBox that looks easier than direct API calls to PKCS11 and SSL libs.

But when I try the two PKCS11 oriented demos, I get "PKCS11 Error in function #12 code 226" when I try to Open the SmartCard. PKCS11 DLL is loaded, and the card reader appear in available slots listbox as "PC/SC reader on GALSS".

I read somebody's else topic in this forum looking for information about Smart Card access and an Eldos staff member anwsered PC/SC is not supported, is this why I get the error ?

regards.
#9713
Posted: 04/16/2009 08:39:26
by Ken Ivanov (EldoS Corp.)

Thank you for your interest in our products.

"Error in function #12 code 226" stands for "Error in function PKCS11_OpenSession, code CKR_TOKEN_WRITE_PROTECTED". Please try to pass the True value to the ReadOnly parameter of the OpenSession() method explicitly (the demo chooses it according to the corresponding flag of the slot object, but some tokens may expose wrong value through it).

SecureBlackbox does not support PC/SC, but it does support PKCS11. So if the token supports PKCS11, SecureBlackbox will be able to use it.
#9715
Posted: 04/16/2009 09:11:41
by Pierre Costa (Basic support level)
Joined: 04/16/2009
Posts: 3

Hi,

Thank you for this fast answer,

The token support PKCS11 so it should be ok, I did the trick and now it goes a bit further but this time error is code 6 in function #26.

regards.
#9716
Posted: 04/16/2009 09:27:58
by Ken Ivanov (EldoS Corp.)

It stands for CKR_FUNCTION_FAILED error in PKCS11_FindObjectsInit function. Are there any objects (certificates, private keys) available on the token? Actually, CKR_FUNCTION_FAILED is a non-conformant return value for PKCS11_FindObjectsInit() function (and that's why an exception is thrown), but I assume that some tokens may return it if no objects are available on the token.
#9717
Posted: 04/16/2009 13:14:01
by Pierre Costa (Basic support level)
Joined: 04/16/2009
Posts: 3

The SmartCard contain two X.509 certificates one for signing and one for authentication.
#9721
Posted: 04/17/2009 00:03:13
by Ken Ivanov (EldoS Corp.)

Hmm, it's quite strange then. I have one idea actually. Let's continue the conversation in the Helpdesk (the forum does not allow to post big files). I've created a helpdesk ticket for you.
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.

Reply

Statistics

Topic viewed 2915 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!