-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PKCS#11: Cannot perform signature 512:'CKR_FUNCTION_REJECTED' #27
Comments
Hi, |
Yes of course. Here you are: https://pastebin.com/W7PgmtA6 I think at Nearly at the end there is:
Note: I did not remove the card from the slot. I am using the contactless method. But there is no difference when I use the contact method. Interesting is also, that PKCS-Admin shows two public keys. Maybe there is the Problem? I imported both the private and public key. And now there are two pubs? Is a corresponing public key auto-generated, when I import a private key? Edit: See: https://jan-home.de/public/keys.png ; https://jan-home.de/public/keys2.png |
I'm clsoing this issue for now due to its age. I seem to have missed the notification about your response. This seems to have been an issue with your smartcard/reader/drivers instead of the applet. It is weird that PC/SC thinks that your card has been removed... |
Hello,
I have trouble using the IsoApplet to work with OpenVPN. The VPN Server as such does work, when I use the Keypair/Cert inline in the .ovpn file. When I import the Keypair + Cert to the SmartCard I cannot authenticate. It is no difference, wether or not import the files, or use on card generation and CSR.
I am using OpenSC as PKCS11 provider.
Some additional info:
I am using a
NXP J3H145 dual interface JavaCard
.I have edited the isoApplet Profile in OpenSC, so that the manufacurer is not "unknown" and the token label is not "JavaCard IsoApplet".
This is the full OpenVPN Client-Log (verb lvl 7)
https://pastebin.com/nsf13PRy
Some log entries that are important (in my opinion):
The signature algorithm used to sign the certificate is sha256
Maybe you have some ideas to resolve this issue? Maybe it is just a config related thing?
The text was updated successfully, but these errors were encountered: