TokenD issue on MacOS X 10.6
Hello, since the tokend binary I'm using on 10.5 doesn't works anymore on 10.6, also on 32 bit hardware, I'm trying to rebuild tokend. I've a problem similar to that reported here [1]. The smart card keychain and all objects can be seen in KeyChain Access application, but when I try to make a signature an error is returned. actually the most detailed error I got is: CSSM_SignData returned: 8001082E Error: 0x8001082E -2147416018 CSSMERR_CSP_INVALID_ACL_ENTRY_TAG The system never asks me the PIN. To make it simpler I've modified the BELPIC tokend to became a completely software tokend, that is accepts any card the use keys and certificate located in files. The behavior is the SAME sa my tokend. So I think that is just a build problem... I'm using currnet darwinbuld from trunk, xcode 3.2 and I'm initializing darwinbuld on the build id 10B504 Anyone was successfully in building ad using a tokend on 10.6? Can you help me? links: [1] http://lists.macosforge.org/pipermail/tokend-dev/2009-September/000015.html -- Giuseppe Amato http://www.bit4id.com gam@bit4id.com
I appreciate the detail. Sorry it didn't work. I tried some time ago under 10.5. Also failed. Sorry, don't remember the build id's I tried. Tangent 1: I'd like to say this as gently as possible, since I do understand the difficulties of integrating a lot of separately-developed pieces like this, but: I find it ironic that OToneH Apple encourages me to build a software pkcs11 library directly as a tokend, but OTotherH Apple makes it difficult to build tokend's. Tangent 2: Wasn't there a sample tokend project once that would make a pkcs11 library appear as a keychain to the system? On Nov 5, 2009, at 9:09 AM, Giuseppe Amato wrote:
I'm using currnet darwinbuld from trunk, xcode 3.2 and I'm initializing darwinbuld on the build id 10B504
Anyone was successfully in building ad using a tokend on 10.6? Can you help me?
------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
2009/11/18 Henry B. Hotz <hotz@jpl.nasa.gov>:
Tangent 2:
Wasn't there a sample tokend project once that would make a pkcs11 library appear as a keychain to the system?
Not to my knowledge. But I recently uploaded such a tokend to macosforge. You can get the source code at [1]. The project is not yet finished. I still can't sign a mail using Mail (see [2]). And it is still not easy to select the PKCS#11 lib to use. But I am working on it right now. Any help or idea is welcome. Regards, [1] https://svn.macosforge.org/repository/smartcardservices/trunk/Tokend/PKCS11/ [2] http://lists.macosforge.org/pipermail/tokend-dev/2010-January/000029.html -- Dr. Ludovic Rousseau
Thanks a lot. I hope I have time to look at it sometime soon. On Jan 26, 2010, at 1:26 AM, Ludovic Rousseau wrote:
2009/11/18 Henry B. Hotz <hotz@jpl.nasa.gov>:
Tangent 2:
Wasn't there a sample tokend project once that would make a pkcs11 library appear as a keychain to the system?
Not to my knowledge.
But I recently uploaded such a tokend to macosforge. You can get the source code at [1]. The project is not yet finished. I still can't sign a mail using Mail (see [2]). And it is still not easy to select the PKCS#11 lib to use. But I am working on it right now. Any help or idea is welcome.
Regards,
[1] https://svn.macosforge.org/repository/smartcardservices/trunk/Tokend/PKCS11/ [2] http://lists.macosforge.org/pipermail/tokend-dev/2010-January/000029.html
-- Dr. Ludovic Rousseau
------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
2009/11/5 Giuseppe Amato <gam@bit4id.com>:
Hello,
Hello Giuseppe,
since the tokend binary I'm using on 10.5 doesn't works anymore on 10.6, also on 32 bit hardware, I'm trying to rebuild tokend. I've a problem similar to that reported here [1].
The smart card keychain and all objects can be seen in KeyChain Access application, but when I try to make a signature an error is returned. actually the most detailed error I got is: CSSM_SignData returned: 8001082E
I also have the exact same error with a tokend I am working on. Do you have any solution to that problem? Bye -- Dr. Ludovic Rousseau
2010/1/26 Ludovic Rousseau <ludovic.rousseau@gmail.com>:
2009/11/5 Giuseppe Amato <gam@bit4id.com>:
Hello,
Hello Giuseppe,
since the tokend binary I'm using on 10.5 doesn't works anymore on 10.6, also on 32 bit hardware, I'm trying to rebuild tokend. I've a problem similar to that reported here [1].
The smart card keychain and all objects can be seen in KeyChain Access application, but when I try to make a signature an error is returned. actually the most detailed error I got is: CSSM_SignData returned: 8001082E
I also have the exact same error with a tokend I am working on.
Do you have any solution to that problem?
Giuseppe Amato sent me the solution. http://lists.macosforge.org/pipermail/smartcardservices-changes/2010-Februar... -- Dr. Ludovic Rousseau
participants (3)
-
Giuseppe Amato
-
Henry B. Hotz
-
Ludovic Rousseau