[gnutls-dev] GnuTLS PKCS#11 Engine
Simon Josefsson
simon at josefsson.org
Mon May 14 13:50:21 CEST 2007
"Alon Bar-Lev" <alon.barlev at gmail.com> writes:
> On 5/14/07, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
>> On 5/14/07, Simon Josefsson <simon at josefsson.org> wrote:
>> > I suppose this is just PKCS#11 internal stuff, and I hope you will solve
>> > it. If I can assist in testing anything, let me know.
>>
>> This is a scute problem, I cannot solve this... I CCed Marcus, I hope he
>> will be able to solve it.
>
> Hmmm...
> You can try to configure pkcs11-helper with --disable-threading
> --disable-slotevent, I guess it will stop fixing up the fork()
> automatically.
It works! (The key below is on the OpenPGP smart card.)
/Simon
jas at mocca:~/src/gnutls-pkcs11-0.01/src$ ./gnutls-pkcs11-cli --add-provider=/usr/local/lib/libscute.so --cmd=connect --host=test.gnutls.org --port=5556 --pkcs11-id='PPC\x20Card\x20Systems/OpenPGP/00000532/D2760001240101010001000005320000/42443546383044453633303334454339453238343145363330393535324533343543354632323646'
Resolving 'test.gnutls.org'...
Connecting to '83.241.177.38:5556'...
- Successfully sent 1 certificate(s) to server.
- Handshake was completed
- Simple Client Mode:
GET / HTTP/1.1
HTTP/1.0 200 OK
Content-type: text/html
<HTML><BODY>
<CENTER><H1>This is <a href="http://www.gnu.org/software/gnutls">GNUTLS</a></H1></CENTER>
<p>Session ID: <i>40EFFAB78842BCBF9C59F3B701D0D8B718D80708EC42BCBF0100000010950908</i></p>
<h5>If your browser supports session resuming, then you should see the same session ID, when you press the <b>reload</b> button.</h5>
Ephemeral DH using prime of <b>1032</b> bits.<br>
<P>
<TABLE border=1><TR><TD>Protocol version:</TD><TD>TLS 1.2</TD></TR>
<TR><TD>Certificate Type:</TD><TD>X.509</TD></TR>
<TR><TD>Key Exchange:</TD><TD>DHE RSA</TD></TR>
<TR><TD>Compression</TD><TD>DEFLATE</TD></TR>
<TR><TD>Cipher</TD><TD>AES 256 CBC</TD></TR>
<TR><TD>MAC</TD><TD>SHA</TD></TR>
<TR><TD>Ciphersuite</TD><TD>DHE_RSA_AES_256_CBC_SHA1</TD></TR></p></TABLE>
<hr><PRE>X.509 Certificate Information:
Version: 3
Serial Number (hex): 4628a165
Issuer: CN=GnuTLS test CA
Validity:
Not Before: Fri Apr 20 11:17:59 UTC 2007
Not After: Wed Oct 17 11:18:02 UTC 2007
Subject: O=Simon Josefsson,CN=Test Key
Subject Public Key Algorithm: RSA
Modulus (bits 1024):
Exponent:
86:6d:78:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Key Purpose (not critical):
TLS WWW Client.
TLS WWW Server.
Subject Alternative Name (not critical):
DNSname: josefsson.org
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Key Identifier (not critical):
b83879aed2d2f990c21a2732e2441c056ff9f9b1
Authority Key Identifier (not critical):
e93c1cfbad926ee606a4562ca2e1c05327c8f295
Signature Algorithm: RSA-SHA
Signature:
Other Information:
MD5 fingerprint:
c9132f91ca88ffba4d40c420570e2986
SHA-1 fingerprint:
bd5f80de63034ec9e2841e6309552e345c5f226f
Public Key Id:
b83879aed2d2f990c21a2732e2441c056ff9f9b1
</PRE><P><PRE>
</PRE>
<hr><P>Your HTTP header was:<PRE></PRE></P>
</BODY></HTML>
- Peer has closed the GNUTLS connection
jas at mocca:~/src/gnutls-pkcs11-0.01/src$