EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Error when using OpenSC PKCS#11 module

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#4460
Posted: 12/08/2007 04:24:53
by Eugene Mayevski (EldoS Corp.)

JFYI: on 3 computers with 3 tokens which are supposed to be supported (Eutron, Rainbow, Aladdin) we couldn't manage this piece of open-source to even start correctly. On two computers it gave various errors when trying to read the devices and on my system it fails to load the PKCS11 module due to problems in resolving the dependencies between various libraries. Firefox fails too.


Sincerely yours
Eugene Mayevski
#4461
Posted: 12/10/2007 01:49:50
by Simone Ferrari (Basic support level)
Joined: 12/03/2007
Posts: 22

Quote
Innokentiy Ivanov wrote:
Quote
After .Sign is called, OutBuf is Empty.

Is some error thrown by the Sign method?

Quote
I added some code to check the private key and apparently it's not there.

Most of the tokens do not allow export of private keys, so SaveKeyToBuffer is not a right way to check the existence of the private key. Please check if Sign method throws some error.

BTW, how exactly did you add the OpenSC PKCS#11 module to Firefox? Firefox shows an 'Unable to add module' error for us. It would be excellent if you specify the exact steps you used to build the module and the exact version of Firefox that understood it.


No error is thrown by the Sign method, but the output buffer is empty.

As for Firefox , I just went into Tools -> Options -> Advanced -> Security Devices, then I clicked on 'Load' and entered a name for the OpenSC PKCS11 module and the path of the PKCS11 library.
After that it loaded it without any problem and I could see the status changing as I inserted/removed the card in the reader.
I used the latest SCB (Smart Card Bundle) for Windows that you can find on OpenSC's website.
The Firefox version is 2.0.0.9.



#4462
Posted: 12/10/2007 05:28:21
by Eugene Mayevski (EldoS Corp.)

Quote
Simone Ferrari wrote:
As for Firefox , I just went into Tools -> Options -> Advanced -> Security Devices, then I clicked on 'Load' and entered a name for the OpenSC PKCS11 module and the path of the PKCS11 library.
After that it loaded it without any problem and I could see the status changing as I inserted/removed the card in the reader.
I used the latest SCB (Smart Card Bundle) for Windows that you can find on OpenSC's website.
The Firefox version is 2.0.0.9.


You are lucky. On my system Firefox 2 says "can't load library" for opensc-pkcs11.dll from the same package that you have used. And the problem is in unresolved ordinals. OpenSC uses linkage by ordinal to some libraries (winsock 2, openssl) and this is a very bad idea usually as the numbers can change. As it happened on my system.


Sincerely yours
Eugene Mayevski
#4468
Posted: 12/11/2007 00:43:28
by Simone Ferrari (Basic support level)
Joined: 12/03/2007
Posts: 22

Quote
Eugene Mayevski wrote:
Quote
Simone Ferrari wrote:
As for Firefox , I just went into Tools -> Options -> Advanced -> Security Devices, then I clicked on 'Load' and entered a name for the OpenSC PKCS11 module and the path of the PKCS11 library.
After that it loaded it without any problem and I could see the status changing as I inserted/removed the card in the reader.
I used the latest SCB (Smart Card Bundle) for Windows that you can find on OpenSC's website.
The Firefox version is 2.0.0.9.


You are lucky. On my system Firefox 2 says "can't load library" for opensc-pkcs11.dll from the same package that you have used. And the problem is in unresolved ordinals. OpenSC uses linkage by ordinal to some libraries (winsock 2, openssl) and this is a very bad idea usually as the numbers can change. As it happened on my system.


I don't know what to say. I guess OpenSC is not implemented that well.
However, I have now found PKCS11 modules for my card that the producer gives out with the card, so at least these should work. One of them is IpmPKI32.dll.

I have tried this with your component and it works fine regarding the loading of the library and determining the slots etc... Even reading the certificate details works all right. But like I mentioned earlier I'm not able to sign. Can you help me on this one?

No errors given, just an output buffer which is empty.

Thanks
#4470
Posted: 12/11/2007 01:29:34
by Eugene Mayevski (EldoS Corp.)

Signing is the second part of your question and I hope Innokentiy will answer.


Sincerely yours
Eugene Mayevski
#4473
Posted: 12/11/2007 06:06:54
by Ken Ivanov (EldoS Corp.)

Quote
But like I mentioned earlier I'm not able to sign.

Would you be so kind to check if your code works with some other certificate (e.g., stored in a file, not on the token)?
Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.

Reply

Statistics

Topic viewed 6853 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!