Comments (8)
Maybe related to #43 (comment)
So, the solution would be to check if the key on token is CKA_ALWAYS_AUTHENTICATE, and do C_Login(CKU_CONTEXT_SPECIFIC,...)
Maybe I will find the time to look into it, soon.
from xca.
Thanks for the hints.
However, I did not succeed in either of them. Trying to create a key pair with pkcs11-tool using the --always-auth flag gives me this error:
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Regarding the opensc.conf options, I am unsure if the YubiHSM PKCS#11 driver even uses the pin_cache_ignore_user_consent = true; option.
So, I would really appreciate if you could look into it, as I am a bit lost right now.
from xca.
Either the keypair hasn't been created completely (Public and private key object), see: https://hohnstaedt.de/xca-doc/html/smartcard.html#key-management-on-the-token .
Did you create the keys with XCA or with another tool and then import them into XCA?
Do you see the created keys when you select "Manage Security token" ?
from xca.
Hi, I contacted Yubico about this, and this is what they answered:
When we are testing the XCA tool it seems like it is not able to establish a session using the yubihsm_pkcs11 module.
The reason is likely that the YubiHSM2 does not support the SO-PIN concept, as is stated in the YubiHSM2 PKCS#11 documentation, and it seems like all the interactions to sign in are using the SO PIN, rather than the regular PIN.
Could this help with addressing this issue within XCA?
from xca.
Added login option with 3457454
Please try a build from https://github.com/chris2511/xca/actions/runs/8195398369
from xca.
Dear Chris,
thanks a lot for providing the additional login option so fast! I tested the build; however, XCA just stalls and has to be force-closed after entering the PIN. I am attaching the PKCS11 log for one XCA session, so if you could have a look at it, that would be great:
yubiHSM.txt
from xca.
Auto close with 3457454 was not correct
from xca.
Dear Chris,
may I kindly ask if there is any news on this issue?
from xca.