The softhsm module reports two slots available (0 and 1), even though only 0 exists. That makes ssh fail reading keys from softhsm.

$ softhsm2-util --init-token --slot 0 --label test --so-pin 1234 --pin 1234
$ pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so -k --login --key-type rsa:1024
$ ssh-keygen -D /usr/lib64/pkcs11/libsofthsm2.so

The reason for the failure is apparent in the following log from pkcs11-spy:

ssh-keygen fails because slot 1 is listed as existing but C_OpenSession() fails on it. It should have continued normally and listed the available keys in slot 0.

I'm not quite sure, but p11tool writes that there is an object called "Public key":

$ p11tool --list-all --login "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a65483728c0ce9b;token=test"
Token 'test' with URL 'pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a65483728c0ce9b;token=test' requires user PIN
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a65483728c0ce9b;token=test;object-type=public
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6a65483728c0ce9b;token=test;object-type=private
Flags: CKA_WRAP/UNWRAP CKA_PRIVATE CKA_SENSITIVE