Re: [Muscle] CAC - Almost there

From: David Corcoran (corcoranidentityalliance.com)
Date: Thu Jan 06 2005 - 12:12:31 CST


Michael,

Try pulling the latest PKCS11 from:

muscleapps.alioth.debian.org

There is a fix in there that deals with key lengths that might be the
culprit. I see:

06/01 12:39:43 +C_SignInit : start
06/01 12:39:43 Active session list:
06/01 12:39:43 Session ID: 9393CF8
06/01 12:39:43 Session ID: 91F0558
06/01 12:39:43 Sign object handle: 0x91F1CC8
06/01 12:39:43 -C_SignInit : end RV(0x0)
06/01 12:39:43 +C_Sign : start
06/01 12:39:43 Output buffer len: 127
06/01 12:39:43 Active session list:
06/01 12:39:43 Session ID: 9393CF8
06/01 12:39:43 Session ID: 91F0558
06/01 12:39:43 (p11x_log.c 52): error: 0x150 "CKR_BUFFER_TOO_SMALL"
06/01 12:39:43 -C_Sign : end RV(0x150)
06/01 12:39:43 +C_CloseSession : start

where the problem might be ...

Dave

On Jan 6, 2005, at 12:57 PM, Michael Olson wrote:

> Thank you, that definitely generated some information. I'm not getting
> much from it initially so I'm trying to look at the code and figure it
> out now. (If you have the time/inclination to peek at it,
> http://www.cs.odu.edu/~olson/CAC/ )
>
> I see that there are differences between running it with the bsiPlugin
> vs commonAccessCard but nothing obvious appears. Which one should I be
> using? I would prefer to be operational using commonAccessCard since
> it's open source.
>
> Thanks Again,
> Michael
>
> David Corcoran wrote:
>
>> Michael,
>>
>> I would suggest using the pkcs11rc file (contained in the PKCS#11
>> code) and turning logging to LOW (log low priority messages)
>> This will create a PKCS11.log file which can be used to determine the
>> problem ...
>>
>> bsiPlugin.bundle and commonAccessCard.bundle are two different
>> animals - although they have similar APIs .....
>>
>> Thanks,
>> Dave
>>
>>
>> On Jan 6, 2005, at 10:49 AM, Michael Olson wrote:
>>
>>> I'm trying to get a CAC card in use under Fedora Core 3.
>>>
>>> What I'd like to get going altogether is
>>>
>>> Working on Web Client Side Authentication first, I have
>>> an ActiveCard USB Reader (v2) and a Schlumberger Access 32K V2.
>>>
>>> Using PCSC-Lite 1.2.0 and CCID 0.4.1 I seem to have no
>>> problems reading the card. I can see it inserted and get my ATR.
>>>
>>> I built commonAccessCard.bundle from Darwin and
>>> muscleframework 1.1.5, associated it with bundleTool and
>>> XCardII 0.9.9 can see the card.
>>>
>>> Next up I built libmusclepkcs11.so and loaded it into
>>> FireFox 1.0 and tried hitting a client side authenticated
>>> page. It prompted me to unlock the card, accepted my PIN,
>>> and then gave me a list of certificates to use.
>>>
>>> This is where things stopped working though. I tried all the
>>> certificates listed but cannot view the page. (Error establishing
>>> an encrypted connection to xxx.navy.mil. Error Code: -12222.)
>>>
>>> I tried using bsiPlugin.bundle from ActiveCard Gold 1.0. It seems
>>> to work pretty much identically to commonAccessCard.bundle so I
>>> also tried using libpkcs11.so with it. Firefox wouldn't even load it.
>>>
>>> I've switched back to commonAccessCard.bundle and libmusclepkcs11.so
>>> but have no idea what to do to debug things at this point.
>>>
>>> Any recommendations?
>>>
>>> Thank You,
>>> Michael
>>
>> ----------------------------------------------------------------------
>> -- ------------
>> David Corcoran corcoranidentityalliance.com
>> Identity Alliance http://www.identityalliance.com
>>
>> Smart Cards, Biometrics, Training, Identity Management
>> ----------------------------------------------------------------------
>> -- -------------
>
>
>
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
>
>
------------------------------------------------------------------------
------------
David Corcoran corcoranidentityalliance.com
   Identity Alliance http://www.identityalliance.com

   Smart Cards, Biometrics, Training, Identity Management
------------------------------------------------------------------------
-------------
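
An added example, not part of the original message or the muscle project's code: a small Python parser that pairs the start/end lines of the PKCS11.log excerpt quoted in the message above and reports which call failed and with what output buffer length. The function names are hypothetical, and the RSA-1024 key size used in `rsa_shortfall` is an assumption about the card's key, not something the log states.

```python
import re

# Log excerpt copied from the message above (not constructed).
PKCS11_LOG = """\
06/01 12:39:43 +C_SignInit : start
06/01 12:39:43 Active session list:
06/01 12:39:43 Session ID: 9393CF8
06/01 12:39:43 Session ID: 91F0558
06/01 12:39:43 Sign object handle: 0x91F1CC8
06/01 12:39:43 -C_SignInit : end RV(0x0)
06/01 12:39:43 +C_Sign : start
06/01 12:39:43 Output buffer len: 127
06/01 12:39:43 Active session list:
06/01 12:39:43 Session ID: 9393CF8
06/01 12:39:43 Session ID: 91F0558
06/01 12:39:43 (p11x_log.c 52): error: 0x150 "CKR_BUFFER_TOO_SMALL"
06/01 12:39:43 -C_Sign : end RV(0x150)
06/01 12:39:43 +C_CloseSession : start
"""

STAMP = re.compile(r"^\d\d/\d\d \d\d:\d\d:\d\d\s+(.*)$")
START = re.compile(r"^\+(C_\w+) : start$")
END = re.compile(r"^-(C_\w+) : end RV\(0x([0-9A-Fa-f]+)\)$")
BUFLEN = re.compile(r"^Output buffer len: (\d+)$")
ERROR = re.compile(r'^\(\S+ \d+\): error: 0x[0-9A-Fa-f]+ "(\w+)"$')

def parse_calls(log_text):
    """Pair each '+C_x : start' line with its '-C_x : end RV(..)' line."""
    calls, current = [], {}  # {} is a scratch record for lines outside any call
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        body = m.group(1) if m else ""
        if (s := START.match(body)):
            current = {"function": s.group(1), "rv": None, "buffer_len": None, "error": None}
            calls.append(current)
        elif (e := END.match(body)) and e.group(1) == current.get("function"):
            current["rv"] = int(e.group(2), 16)
            current = {}
        elif (b := BUFLEN.match(body)):
            current["buffer_len"] = int(b.group(1))
        elif (x := ERROR.match(body)):
            current["error"] = x.group(1)
    return calls

def failed_calls(calls):
    return [c for c in calls if c["rv"]]  # finished calls with a non-zero RV

def rsa_shortfall(buffer_len, modulus_bits=1024):  # assumption: RSA-1024 key
    return max(0, modulus_bits // 8 - buffer_len)
```

On this excerpt the only failed call is `C_Sign`, and its 127-byte output buffer is one byte short of the 128-byte signature an RSA-1024 key would produce.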
