Hello all!
My name is Cristian, and I'm a Brazilian graduate student, researching
PKI themes. I've just bought me a Macbook Pro, and I was looking for a
way to make my epass2k token work on Mac OS X 10.6 (Snow Leopard). But
"PRONOVA" don't provide a tokend module. They provide a PKCS#11 module
only for Mac. So I can use firefox and thunderbird, but not safari,
chrome, java, mail and everithing else I would like to use with it.
I must say I've got a bit disappointed on the lack of support for
PKCS#11 on Mac OS X Keychain. I've read that Apple don't want it because
of the need to point to dynlibs... I can understand, but I would be
happy even if the option was available by editing some config file or
running terminal commands. But ok, stop complaining, I'm on mac for 3
weeks now and this is my first and only complaint until now, that is good.
Since I'm a programmer, since I've come from the Linux world and since
I've got some friends here that also are programmers, also use mac, also
would like to use PKCS#11 modules on theis Mac Keychain, and also would
enjoy giving a solution for this, I'm interested on try to develop a
Tokend module that works as an interface to user provided PKCS#11
dynlibs. I would like to know:
- if you have heard about someone already trying/doing this (I've
found this slides:
http://middleware.internet2.edu/pki06/proceedings/dinapoli-pkcs11-mac.pdf,
from 2006... I'm trying to contact the author. But found nothing else).
- if there is already a documentation to people like me, that want to
develop his first Tokend module. On the website I've found only user
documentation, not developer documentation.
Regards,
--
Cristian Thiago Moecke
contato(a)cristiantm.com.br
Hello,
since the tokend binary I'm using on 10.5 doesn't works anymore on 10.6,
also on 32 bit hardware, I'm trying to rebuild tokend.
I've a problem similar to that reported here [1].
The smart card keychain and all objects can be seen in KeyChain Access
application, but when I try to make a signature an error is returned.
actually the most detailed error I got is:
CSSM_SignData returned: 8001082E
Error: 0x8001082E -2147416018 CSSMERR_CSP_INVALID_ACL_ENTRY_TAG
The system never asks me the PIN.
To make it simpler I've modified the BELPIC tokend to became a
completely software tokend, that is accepts any card the use keys and
certificate located in files.
The behavior is the SAME sa my tokend.
So I think that is just a build problem...
I'm using currnet darwinbuld from trunk, xcode 3.2 and I'm initializing
darwinbuld on the build id 10B504
Anyone was successfully in building ad using a tokend on 10.6? Can you
help me?
links:
[1]
http://lists.macosforge.org/pipermail/tokend-dev/2009-September/000015.html
--
Giuseppe Amato
http://www.bit4id.com
gam(a)bit4id.com