[gnutls-dev] GnuTLS PKCS#11 Engine

Simon Josefsson simon at josefsson.org
Mon May 14 13:50:21 CEST 2007


"Alon Bar-Lev" <alon.barlev at gmail.com> writes:

> On 5/14/07, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
>> On 5/14/07, Simon Josefsson <simon at josefsson.org> wrote:
>> > I suppose this is just PKCS#11 internal stuff, and I hope you will solve
>> > it.  If I can assist in testing anything, let me know.
>>
>> This is a scute problem, I cannot solve this... I CCed Marcus, I hope he
>> will be able to solve it.
>
> Hmmm...
> You can try to configure pkcs11-helper with --disable-threading
> --disable-slotevent, I guess it will stop fixing up the fork()
> automatically.

It works!  (The key below is on the OpenPGP smart card.)

/Simon

jas at mocca:~/src/gnutls-pkcs11-0.01/src$ ./gnutls-pkcs11-cli --add-provider=/usr/local/lib/libscute.so --cmd=connect --host=test.gnutls.org --port=5556 --pkcs11-id='PPC\x20Card\x20Systems/OpenPGP/00000532/D2760001240101010001000005320000/42443546383044453633303334454339453238343145363330393535324533343543354632323646'
Resolving 'test.gnutls.org'...
Connecting to '83.241.177.38:5556'...
- Successfully sent 1 certificate(s) to server.
- Handshake was completed

- Simple Client Mode:

GET / HTTP/1.1

HTTP/1.0 200 OK
Content-type: text/html


<HTML><BODY>
<CENTER><H1>This is <a href="http://www.gnu.org/software/gnutls">GNUTLS</a></H1></CENTER>


<p>Session ID: <i>40EFFAB78842BCBF9C59F3B701D0D8B718D80708EC42BCBF0100000010950908</i></p>
<h5>If your browser supports session resuming, then you should see the same session ID, when you press the <b>reload</b> button.</h5>
Ephemeral DH using prime of <b>1032</b> bits.<br>
<P>
<TABLE border=1><TR><TD>Protocol version:</TD><TD>TLS 1.2</TD></TR>
<TR><TD>Certificate Type:</TD><TD>X.509</TD></TR>
<TR><TD>Key Exchange:</TD><TD>DHE RSA</TD></TR>
<TR><TD>Compression</TD><TD>DEFLATE</TD></TR>
<TR><TD>Cipher</TD><TD>AES 256 CBC</TD></TR>
<TR><TD>MAC</TD><TD>SHA</TD></TR>
<TR><TD>Ciphersuite</TD><TD>DHE_RSA_AES_256_CBC_SHA1</TD></TR></p></TABLE>
<hr><PRE>X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 4628a165
        Issuer: CN=GnuTLS test CA
        Validity:
                Not Before: Fri Apr 20 11:17:59 UTC 2007
                Not After: Wed Oct 17 11:18:02 UTC 2007
        Subject: O=Simon Josefsson,CN=Test Key
        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):
                Exponent:
                        86:6d:78:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): FALSE
                Key Purpose (not critical):
                        TLS WWW Client.
                        TLS WWW Server.
                Subject Alternative Name (not critical):
                        DNSname: josefsson.org
                Key Usage (critical):
                        Digital signature.
                        Key encipherment.
                Subject Key Identifier (not critical):
                        b83879aed2d2f990c21a2732e2441c056ff9f9b1
                Authority Key Identifier (not critical):
                        e93c1cfbad926ee606a4562ca2e1c05327c8f295
        Signature Algorithm: RSA-SHA
        Signature:
Other Information:
        MD5 fingerprint:
                c9132f91ca88ffba4d40c420570e2986
        SHA-1 fingerprint:
                bd5f80de63034ec9e2841e6309552e345c5f226f
        Public Key Id:
                b83879aed2d2f990c21a2732e2441c056ff9f9b1
</PRE><P><PRE>
</PRE>
<hr><P>Your HTTP header was:<PRE></PRE></P>
</BODY></HTML>

- Peer has closed the GNUTLS connection
jas at mocca:~/src/gnutls-pkcs11-0.01/src$ 



