[Muscle] New key objects created when performing a lookup?

From: Geoffrey Elgey (geoffree@vintela.com)
Date: Tue Jun 07 2005 - 20:26:59 CDT


G'day,

If I use pkcs11-tool configured with libmusclepkcs11.so to store a
certificate and a private key on a card, then perform a lookup of the
objects on the card, it seems that additional public and private key
objects are added to the card by libmusclepkcs11.so.

For example, if I put a certificate and a private key on a card,
then muscleTool shows the following objects:

muscle [MuscleCard Applet] > list
            Object ID Object Size READ   WRITE  DELETE
    ----------------- ----------- ------ ------ ------
                   k5         512 ALWAYS PIN #1 PIN #1
                   k4         512 PIN #1 PIN #1 PIN #1
                   c0         512 ALWAYS PIN #1 PIN #1
                   C0         646 ALWAYS PIN #1 PIN #1

The certificate is represented by {c0,C0}, and the private key by {k4,k5}.

But if I then use pkcs11-tool (configured to use libmusclepkcs11.so) to
view the card contents, this is what gets listed:

Certificate Object, type = X.509 cert
   label: user-cert
   ID: 1234

Public Key Object; unknown key algorithm 134532164
   ID: 1234
   Usage: encrypt, verify, wrap

Private Key Object; RSA
   label: user-key
   ID: 1234
   Usage: decrypt, sign, unwrap

Public Key Object; RSA 134564297 bits
   label:
   ID: 4b45593030303030303030303030303030303033
   Usage: encrypt, verify, wrap

Private Key Object; RSA
   label:
   ID: 4b45593030303030303030303030303030303032
   Usage: decrypt, sign, unwrap

Public Key Object; RSA 134564297 bits
   label:
   ID: 4b45593030303030303030303030303030303031
   Usage: encrypt, verify, wrap

Private Key Object; RSA
   label:
   ID: 4b45593030303030303030303030303030303030
   Usage: decrypt, sign, unwrap

NOTE: lots of messages such as "warning: PKCS11 function
C_GetAttributeValue(ENCRYPT) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID
(0x12)" have been removed from the above. Key usage attributes are not
explicitly created by pkcs11-tool, so I'm assuming these attributes
don't exist and have no default value, so that getting their value is an
error?

There's quite a few new objects listed above, as revealed by using
muscleTool:

muscle [MuscleCard Applet] > list
            Object ID Object Size READ   WRITE  DELETE
    ----------------- ----------- ------ ------ ------
                   k3         512 ALWAYS PIN #1 PIN #1
                   k2         512 PIN #1 PIN #1 PIN #1
                   k1         512 ALWAYS PIN #1 PIN #1
                   k0         512 PIN #1 PIN #1 PIN #1
                   k5         512 ALWAYS PIN #1 PIN #1
                   k4         512 PIN #1 PIN #1 PIN #1
                   c0         512 ALWAYS PIN #1 PIN #1
                   C0         646 ALWAYS PIN #1 PIN #1

New key objects k0, k1, k2, and k4 have been created.

So: why have these new key objects been created by libmusclepkcs11.so in
the process of the lookup, and should these objects have been created by
pkcs11-tool in the first place?

-- Geoff
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
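The check a practitioner would want after reading the post above is a mechanical one: take a muscleTool `list` snapshot before and after a supposedly read-only PKCS#11 operation, diff the object sets, and decode the hex CKA_IDs that pkcs11-tool prints so the auto-generated objects can be recognised. The script below is an added example, not code from the original post or from the MuscleCard project. The two listings embedded in it are copied from the post; the row layout it parses (object ID, size, READ/WRITE/DELETE ACL columns) and the ACL vocabulary (ALWAYS, NEVER, PIN #n) are assumptions about the muscleTool output format.

```python
"""Diff two muscleTool `list` snapshots and decode pkcs11-tool object IDs.

Added example, not from the post or the MuscleCard project. The listings
are the ones quoted in the post; the parsing rules are assumptions about
the muscleTool output format.
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class CardObject(NamedTuple):
    size: int
    read: str    # ACL needed to read the object (ALWAYS, NEVER, PIN #n)
    write: str
    delete: str


# Snapshot 1 (from the post): right after pkcs11-tool stored a certificate
# and a private key. {c0,C0} is the certificate, {k4,k5} the private key.
BEFORE = """\
muscle [MuscleCard Applet] > list
            Object ID Object Size READ   WRITE  DELETE
    ----------------- ----------- ------ ------ ------
                   k5         512 ALWAYS PIN #1 PIN #1
                   k4         512 PIN #1 PIN #1 PIN #1
                   c0         512 ALWAYS PIN #1 PIN #1
                   C0         646 ALWAYS PIN #1 PIN #1
"""

# Snapshot 2 (from the post): after pkcs11-tool was only used to *list*
# the card through libmusclepkcs11.so.
AFTER = """\
muscle [MuscleCard Applet] > list
            Object ID Object Size READ   WRITE  DELETE
    ----------------- ----------- ------ ------ ------
                   k3         512 ALWAYS PIN #1 PIN #1
                   k2         512 PIN #1 PIN #1 PIN #1
                   k1         512 ALWAYS PIN #1 PIN #1
                   k0         512 PIN #1 PIN #1 PIN #1
                   k5         512 ALWAYS PIN #1 PIN #1
                   k4         512 PIN #1 PIN #1 PIN #1
                   c0         512 ALWAYS PIN #1 PIN #1
                   C0         646 ALWAYS PIN #1 PIN #1
"""

# One data row: ID, decimal size, then three ACL columns. Header, separator
# and prompt lines do not match because their second field is not numeric.
ACL = r"(ALWAYS|NEVER|PIN #\d+)"
ROW = re.compile(rf"^\s*(\S+)\s+(\d+)\s+{ACL}\s+{ACL}\s+{ACL}\s*$")


def parse_listing(text: str) -> Dict[str, CardObject]:
    """Map object ID -> CardObject for every data row in a muscleTool listing."""
    objs: Dict[str, CardObject] = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            oid, size, r, w, d = m.groups()
            objs[oid] = CardObject(int(size), r, w, d)
    return objs


def diff_listings(before: str, after: str) -> Tuple[List[str], List[str], List[str]]:
    """Return (created, deleted, changed) object IDs between two snapshots.

    Anything in `created` after a read-only operation is a side effect worth
    raising with the PKCS#11 module, which is exactly the post's question.
    """
    b, a = parse_listing(before), parse_listing(after)
    created = sorted(set(a) - set(b))
    deleted = sorted(set(b) - set(a))
    changed = sorted(k for k in set(a) & set(b) if a[k] != b[k])
    return created, deleted, changed


def pin_protected_keys(listing: str) -> List[str]:
    """IDs of key objects (k*) that cannot be read without a PIN.

    On the card the private half is the one whose READ ACL is not ALWAYS;
    the ALWAYS-readable partner is the public half. A private key object
    showing READ=ALWAYS would be a real finding.
    """
    objs = parse_listing(listing)
    return sorted(k for k, o in objs.items() if k.startswith("k") and o.read != "ALWAYS")


def decode_object_id(hex_id: str) -> str:
    """Render a pkcs11-tool hex CKA_ID as ASCII when it is printable text.

    The auto-generated IDs in the post decode to ASCII ("KEY" followed by a
    zero-padded counter); non-printable IDs such as 1234 are returned as the
    hex string pkcs11-tool printed.
    """
    raw = bytes.fromhex(hex_id)
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return hex_id


if __name__ == "__main__":
    created, deleted, changed = diff_listings(BEFORE, AFTER)
    print("created:", created, "deleted:", deleted, "changed:", changed)
    print("PIN-protected key objects after lookup:", pin_protected_keys(AFTER))
    for hid in ("4b45593030303030303030303030303030303033", "1234"):
        print(hid, "->", decode_object_id(hid))
```

Run it against fresh `list` output captured before and after any PKCS#11 operation that should be read-only (`C_FindObjects`, `C_GetAttributeValue`); a non-empty `created` list is the evidence to attach to a bug report, and the decoded IDs tell you which objects the module generated itself rather than the ones the caller stored.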