EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Error when using OpenSC PKCS#11 module

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
#4422
Posted: 12/03/2007 09:10:20
by Simone Ferrari (Basic support level)
Joined: 12/03/2007
Posts: 22

Hello, I am trying to use PKIBlackBox with OpenSC's PKCS#11 module but it fails.
I simply launched the sample application that came with PKIBlackBox and it fails on the method Storage.Open.

I've tried using the same PKCS#11 module with Firefox and it works perfectly.

According to the log created by the PKCS#11 module, the module is interrogated about the slots available, and it returns 8. After that all slots are checked for presence of token and then it fails.

I've tried another PKCS#11 module that came with my card, and with that one it works, but that one strangely enough tells PKIBlackBox that only one slot is there.

What's happening?

Thanks for the help
Simone
#4423
Posted: 12/03/2007 09:33:51
by Eugene Mayevski (EldoS Corp.)

PKCS modules differ in the way many things are implemented and in the number of bugs they have.
If you tell us the version and edition of SecureBlackbox and the exact names of the modules, we will be able to say something. Without *all* of the above information we can't do anything.


Sincerely yours
Eugene Mayevski
#4428
Posted: 12/04/2007 05:19:11
by Simone Ferrari (Basic support level)
Joined: 12/03/2007
Posts: 22

Quote
Eugene Mayevski wrote:
PKCS modules differ in the way many things are implemented and in the number of bugs they have.
If you tell us the version and edition of SecureBlackbox and the exact names of the modules, we will be able to say something. Without *all* of the above information we can't do anything.


The version of SecureBlackBox is 5.2.123

The PKCS#11 module is OpenSC PKCS#11 module, version 0.11.4

If you need any more information please let me know.

#4429
Posted: 12/04/2007 05:44:44
by Eugene Mayevski (EldoS Corp.)

Another open source ... And what *edition* of SecureBlackbox are you using?


Sincerely yours
Eugene Mayevski
#4430
Posted: 12/04/2007 07:41:28
by Simone Ferrari (Basic support level)
Joined: 12/03/2007
Posts: 22

Quote
Eugene Mayevski wrote:
Another open source ... And what *edition* of SecureBlackbox are you using?


I'm using the Active-X edition of SecureBlackBox and I have tested the PKCS#11 module with the PKCS11 VB6 sample project.
#4431
Posted: 12/04/2007 07:53:49
by Eugene Mayevski (EldoS Corp.)

Great, thank you. I've added a task to our ToDo list to check the issue and, if necessary, fix it for SBB 6. The last question - what cryptocard or USB token was used? OpenSC, as I understand, is just a layer on top of actual hardware drivers.


Sincerely yours
Eugene Mayevski
#4432
Posted: 12/04/2007 09:06:47
by Simone Ferrari (Basic support level)
Joined: 12/03/2007
Posts: 22

Quote
Eugene Mayevski wrote:
Great, thank you. I've added a task to our ToDo list to check the issue and, if necessary, fix it for SBB 6. The last question - what cryptocard or USB token was used? OpenSC, as I understand, is just a layer on top of actual hardware drivers.


The card used is an Italian Infocamere card series 1202 produced by InCard.

I appreciate the fact that you've put this issue on your TODO list but I need to fix this NOW.
We are preparing an offer for a client of ours and it's pretty urgent.

I also take the chance to ask another question:

I am trying to sign with the certificate on the card (I'm suing IpmPKI32.dll until the OpenSC problem is solved, which works with my card but not with all the Infocamere card which I'm supposed to support in the end) but it's not working.

This is the code:

Code
Dim s As String
    Dim inBuf
    Dim outBuf As Variant
    
    ' get the input buffer
    Open txtFileToSign.Text For Binary Access Read As #222
    s = Input(LOF(222), #222)
    Close #222
    
    inBuf = Str2ByteArr(s)
    
    ' first thing we need is the signing certificate
    Dim signer As IElMessageSignerX2
    Dim signer2 As IElMessageSignerX3
    Dim attr As IElPKCS7AttributesX
    
    Dim storageIntf As IElCustomCertStorageX3
    Dim signingCert As IElCertificateX3
    
    Set storageIntf = Storage.Object
    Set signingCert = storageIntf.GetCertificate(0)
    
    Dim v As Variant
    Dim sz As Integer
    
    Call signingCert.SaveKeyToBuffer(v)
    If VarType(v) = vbString Then
        sz = Len(v)
    ElseIf VarType(v) = vbArray Or vbByte Then
        s = v
        sz = Len(s)
    End If
    
    If sz = 0 Then
        MsgBox "Private key not present"
        Exit Sub
    End If
    
    Dim mms As IElMemoryCertStorageX2
    Set mms = memoryStorage.Object
    
    mms.Add signingCert
    
    Set signer = MessageSigner.Object
    Set signer2 = MessageSigner.Object
    signer2.IncludeCertificates = True
    With signer
        .CertStorage = mms
        .HashAlgorithm = SB_ALGORITHM_DGST_SHA1
        
        On Error Resume Next
        Call .Sign(inBuf, outBuf)
        If Err.Number = 0 And VarType(outBuf) = vbArray Or vbByte And IsEmpty(outBuf) = False Then
            On Error GoTo 0
            Open "e:\temp\signed.p7" For Binary Access Write As #222
            Dim x As Integer, b As Byte
            For x = LBound(outBuf) To UBound(outBuf)
                b = outBuf(x)
                Put #222, , b
            Next
            Close #222
            MsgBox "File signed successfully into e:\temp\signed.p7"
        Else
            MsgBox "Signing failed"
        End If
    End With
    
    memoryStorage.Remove 0


After .Sign is called, OutBuf is Empty.
I added some code to check the private key and apparently it's not there.

What am I doing wrong?

Thanks

#4433
Posted: 12/04/2007 09:39:38
by Eugene Mayevski (EldoS Corp.)

Sorry for disappointing you, but fixing it now (if the problem exists and is in our code and not OpenSC) is unreal. All fixes will go to SBB 6.0 release and not earlier.


Sincerely yours
Eugene Mayevski
#4439
Posted: 12/05/2007 00:35:45
by Simone Ferrari (Basic support level)
Joined: 12/03/2007
Posts: 22

Quote
Eugene Mayevski wrote:
Sorry for disappointing you, but fixing it now (if the problem exists and is in our code and not OpenSC) is unreal. All fixes will go to SBB 6.0 release and not earlier.


Well in that case, since I need to complete our project within the end of December, it means I'll have to find another component that will work.

About my other question could look into it?

Thanks
#4459
Posted: 12/07/2007 09:41:38
by Ken Ivanov (EldoS Corp.)

Quote
After .Sign is called, OutBuf is Empty.

Is some error thrown by the Sign method?

Quote
I added some code to check the private key and apparently it's not there.

Most of the tokens do not allow export of private keys, so SaveKeyToBuffer is not a right way to check the existence of the private key. Please check if Sign method throws some error.

BTW, how exactly did you add the OpenSC PKCS#11 module to Firefox? Firefox shows an 'Unable to add module' error for us. It would be excellent if you specify the exact steps you used to build the module and the exact version of Firefox that understood it.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 6856 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!