Sunday, December 18. 2016
DNIe 3.0 is now supported by OpenSC
Comments
Display comments as
(Linear | Threaded)
Hola,
He estado intentando obtener un certificado de la FNMT con el DNI 3.O usando OPENSC y si bien es capaz de identificarme no lo es en cambio de firmar.
Este es el procedimiento que he llevado a cabo.
git clone https://github.com/OpenSC/OpenSC.git
cd OpenSC/
./bootstrap
./configure --prefix=/home/mestres/DNI30
make
make install
instalar el modulo criptografico pkcs11 en firefox
Y la web de la FNMT requiere la instalación de este complemento para firmar
https://addons.mozilla.org/es/firefox/addon/signtextjs-plus/
Luego he seguido estás instrucciones
1º Introduzca la contraseña del DNIe y pulse Aceptar.
2º Elija el certificado con el que identificarse (debe ser el certificado de autenticación de su DNIe) y pulse Aceptar.
3º En el proceso de generación de claves, en caso de solicitarse longitud de claves elija Grado alto.
4 Pulse en "Pulse aquí para consultar y aceptar las condiciones de expedición del certificado " para desplegar la condiciones, marque la casilla y pulse Siguiente.
5º En el diálogo que le aparece para elegir un objeto elija "Dispositivo software de seguridad" y pulse Aceptar.
6º En el siguiente paso rellene los datos requeridos. Marque la casilla si desea incluir su correo electrónico en el certificado para poder cifrar y firmar emails. Pulse Aceptar.
7º Verifique que los datos introducidos son correctos y pulse firmar.
8º Para firmar el texto elija su certificado de firma digital de su DNIe e introduzca el PIN del DNIe. (esto ya no funciona) cuando seleccionas el certificado de firma digital lo que sucede es que se termina a la sesión del DNIE
9º Le aparecerá una ventana para confirmar que va a firmar con su clave de FIRMA, pulse Sí. (no aparece)
10ºSi el proceso se ha realizado correctamente le aparecerá que su solicitud ha sido procesada correctamente. Recibirá en su cuenta de correo electrónico su CÓDIGO DE SOLICITUD.
11º Diríjase a la página de descarga para descargar su certificado con el código de solicitud obtenido en el punto 10.
He estado intentando obtener un certificado de la FNMT con el DNI 3.O usando OPENSC y si bien es capaz de identificarme no lo es en cambio de firmar.
Este es el procedimiento que he llevado a cabo.
git clone https://github.com/OpenSC/OpenSC.git
cd OpenSC/
./bootstrap
./configure --prefix=/home/mestres/DNI30
make
make install
instalar el modulo criptografico pkcs11 en firefox
Y la web de la FNMT requiere la instalación de este complemento para firmar
https://addons.mozilla.org/es/firefox/addon/signtextjs-plus/
Luego he seguido estás instrucciones
1º Introduzca la contraseña del DNIe y pulse Aceptar.
2º Elija el certificado con el que identificarse (debe ser el certificado de autenticación de su DNIe) y pulse Aceptar.
3º En el proceso de generación de claves, en caso de solicitarse longitud de claves elija Grado alto.
4 Pulse en "Pulse aquí para consultar y aceptar las condiciones de expedición del certificado " para desplegar la condiciones, marque la casilla y pulse Siguiente.
5º En el diálogo que le aparece para elegir un objeto elija "Dispositivo software de seguridad" y pulse Aceptar.
6º En el siguiente paso rellene los datos requeridos. Marque la casilla si desea incluir su correo electrónico en el certificado para poder cifrar y firmar emails. Pulse Aceptar.
7º Verifique que los datos introducidos son correctos y pulse firmar.
8º Para firmar el texto elija su certificado de firma digital de su DNIe e introduzca el PIN del DNIe. (esto ya no funciona) cuando seleccionas el certificado de firma digital lo que sucede es que se termina a la sesión del DNIE
9º Le aparecerá una ventana para confirmar que va a firmar con su clave de FIRMA, pulse Sí. (no aparece)
10ºSi el proceso se ha realizado correctamente le aparecerá que su solicitud ha sido procesada correctamente. Recibirá en su cuenta de correo electrónico su CÓDIGO DE SOLICITUD.
11º Diríjase a la página de descarga para descargar su certificado con el código de solicitud obtenido en el punto 10.
Hi Albert,
Try to write in english because the blog is thought to go to a broader audience. And... What do you want me to do with this? I'm not going to ask for a FMNT certificate to test this problem. The signature process works in general. If the issue is related to the signTextJS addon try to make an easier test-case and open a bug in OpenSC. Does this procedure work with DNIe 2.0? Did it work before for you? Does it work with official packages for linux?
Try to write in english because the blog is thought to go to a broader audience. And... What do you want me to do with this? I'm not going to ask for a FMNT certificate to test this problem. The signature process works in general. If the issue is related to the signTextJS addon try to make an easier test-case and open a bug in OpenSC. Does this procedure work with DNIe 2.0? Did it work before for you? Does it work with official packages for linux?
Hello,
I have been trying to obtain a certificate from the FNMT using the DNI 3.0 with the master brand of Opensc and although it is able to identify the signing process fails.
This is the procedure I have carried out.
Git clone https://github.com/OpenSC/OpenSC.git
Cd OpenSC /
./bootstrap
./configure --prefix = / home / masters / DNI30
Make
Make install
Install the pkcs11 cryptographic module in firefox
The web of the FNMT requires the installation of this complement to sign
Https://addons.mozilla.org/firefox/addon/signtextjs-plus/
Then I followed these instructions
1st Enter the DNIe password and press OK.
2nd Choose the certificate with which to identify (must be the certificate of authentication of your DNIe) and press OK.
3rd In the process of generating keys, in case of requesting key length choose High Degree.
4th Click on "Click here to consult and accept the conditions of issuance of the certificate" to display the conditions, check the box and click Next.
5th In the dialog that appears to choose an object choose "Security Software Device" and press OK.
6th In the next step fill in the required data. Check the box if you want to include your email in the certificate so you can encrypt and sign emails. Click OK.
7th Verify that the entered data are correct and press sign.
8th To sign the text choose the certificate of digital signature of your DNIe and enter the PIN of the DNIe. (This no longer works) when you select the digital signature certificate what happens is that you end the DNIE session
9th A window will appear to confirm that you will sign with your SIGNATURE key, press Yes. (Not shown)
10th If the process was successful, it will appear that your request has been processed correctly. You will receive an APPLICATION CODE in your email account.
11th Go to the download page to obtain your certificate with the application code received in point 10.
I have been trying to obtain a certificate from the FNMT using the DNI 3.0 with the master brand of Opensc and although it is able to identify the signing process fails.
This is the procedure I have carried out.
Git clone https://github.com/OpenSC/OpenSC.git
Cd OpenSC /
./bootstrap
./configure --prefix = / home / masters / DNI30
Make
Make install
Install the pkcs11 cryptographic module in firefox
The web of the FNMT requires the installation of this complement to sign
Https://addons.mozilla.org/firefox/addon/signtextjs-plus/
Then I followed these instructions
1st Enter the DNIe password and press OK.
2nd Choose the certificate with which to identify (must be the certificate of authentication of your DNIe) and press OK.
3rd In the process of generating keys, in case of requesting key length choose High Degree.
4th Click on "Click here to consult and accept the conditions of issuance of the certificate" to display the conditions, check the box and click Next.
5th In the dialog that appears to choose an object choose "Security Software Device" and press OK.
6th In the next step fill in the required data. Check the box if you want to include your email in the certificate so you can encrypt and sign emails. Click OK.
7th Verify that the entered data are correct and press sign.
8th To sign the text choose the certificate of digital signature of your DNIe and enter the PIN of the DNIe. (This no longer works) when you select the digital signature certificate what happens is that you end the DNIE session
9th A window will appear to confirm that you will sign with your SIGNATURE key, press Yes. (Not shown)
10th If the process was successful, it will appear that your request has been processed correctly. You will receive an APPLICATION CODE in your email account.
11th Go to the download page to obtain your certificate with the application code received in point 10.
I had no problem getting a digital signature from FNMT using a DNIe 2.0, the Gentoo package for dev-libs / opensc-0.16.0 :: gentoo USE = "pcsc-lite readline secure-messaging ssl zlib -ctapi -doc ( -libressl) -openct "and with the browser www-client/firefox-45.8.0::gentoo. The procedure however fails in the same computer with the DNI 3.0 and the master brand of Opensc
I will test the ability to sign with the DNI 3.0 on this website and I will pass the results.
Https://valide.redsara.es/valide/
I will test the ability to sign with the DNI 3.0 on this website and I will pass the results.
Https://valide.redsara.es/valide/
The signing process works correctly. I have also tested it with the official libpkcs11-dnie.so and I have found the same problem on the FNMT page. The people for the FNMT have not known how to operate the new DNI 3.0 on their website and there is no bug in the Opensc. I'll write to the FNMT for the problem.
Hi,
There's a known problem right now in the opensc DNIe driver. It's about login/logout. See here:
https://github.com/OpenSC/OpenSC/issues/1036
Maybe it's related. If it also fails with a DNIe 2.0 using the current branch it's probably the same bug. Too many changes in the las days... Sorry.
There's a known problem right now in the opensc DNIe driver. It's about login/logout. See here:
https://github.com/OpenSC/OpenSC/issues/1036
Maybe it's related. If it also fails with a DNIe 2.0 using the current branch it's probably the same bug. Too many changes in the las days... Sorry.
The page of the FNMT worked with Opensc 0.16 and the DNIe 2.0.
With DNI 3.0 it does not work with either the master branch of Opensc or the official PKCS # 11 library but now I can't test it with a DNI 2.0.
With DNI 3.0 it does not work with either the master branch of Opensc or the official PKCS # 11 library but now I can't test it with a DNI 2.0.
More bugs.
Today I had the "good" idea to activate access through the DNIe to my bank account at BBVA. While activating access through the DNIe has worked perfectly it is now impossible access to my account through the dni
When you attempt the access and after accepting to execute some applets in Java (these crap often cause problems) the system remains waiting with this message: acceding to the bbva through electronic DNI. Again it seems something related to the login since at no time asks for the password of the dni.
Today I had the "good" idea to activate access through the DNIe to my bank account at BBVA. While activating access through the DNIe has worked perfectly it is now impossible access to my account through the dni
When you attempt the access and after accepting to execute some applets in Java (these crap often cause problems) the system remains waiting with this message: acceding to the bbva through electronic DNI. Again it seems something related to the login since at no time asks for the password of the dni.
Solved the access to BBVA.es (Bank Banco Bilbao Vizcaya Argentaria) with the official PKCS # 11 library and another version of java.
I have installed in my gentoo this version of java
dev-java/oracle-jre-bin-1.8.0.121:1.8::gentoo] USE="alsa cups fontconfig nsplugin -commercial -headless-awt -javafx -jce (-selinux)"
with the
dev-java/icedtea-bin-3.3.0:8::gentoo USE="alsa cups gtk nsplugin webstart -doc -examples -headless-awt -multilib -pulseaudio (-selinux) -source" ABI_X86="32 (64) (-x32)"
BBVA don't works.
I have to try the Opensc library.
I have installed in my gentoo this version of java
dev-java/oracle-jre-bin-1.8.0.121:1.8::gentoo] USE="alsa cups fontconfig nsplugin -commercial -headless-awt -javafx -jce (-selinux)"
with the
dev-java/icedtea-bin-3.3.0:8::gentoo USE="alsa cups gtk nsplugin webstart -doc -examples -headless-awt -multilib -pulseaudio (-selinux) -source" ABI_X86="32 (64) (-x32)"
BBVA don't works.
I have to try the Opensc library.
Confirmed
The Opensc library works in the BBVA.
The only way to know if this works is to go testing at all sites where DNIE is used.
The Opensc library works in the BBVA.
The only way to know if this works is to go testing at all sites where DNIE is used.
No Albert, I can't test that way (the problem can be in any of both sides, even in the card itself, I don't have access to all of them, the site is only tested with windows and nobody cares about linux, applets are dead and not working,...). But the main reason is that I don't have the time and I don't want to, I'm doing this effort in my spare time.
I created a test program and I'm adding a new test for the issues that are being reported. Easy and fast to test for any modification I need to add.
https://github.com/rickyepoderi/dnie-pkcs11-tester
If you find a bug, you can always open an issue in opensc.
I created a test program and I'm adding a new test for the issues that are being reported. Easy and fast to test for any modification I need to add.
https://github.com/rickyepoderi/dnie-pkcs11-tester
If you find a bug, you can always open an issue in opensc.
DNIE don't works in Google Chrome Version 58.0.3029.81 (64-bit)
mestres@tux ~ $ modutil -dbdir sql:.pki/nssdb/ -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. DNI-e
library name: /home/mestres/DNI30/lib/opensc-pkcs11.so
slots: 1 slot attached
status: loaded
slot: Alcor Micro AU9560 00 00
token: PIN1 (DNI electrónico)
But in settings->advanced-> http/ssl-> manage certificates the DNIe don't appears.
Can somebody test this with a DNIe?
mestres@tux ~ $ modutil -dbdir sql:.pki/nssdb/ -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. DNI-e
library name: /home/mestres/DNI30/lib/opensc-pkcs11.so
slots: 1 slot attached
status: loaded
slot: Alcor Micro AU9560 00 00
token: PIN1 (DNI electrónico)
But in settings->advanced-> http/ssl-> manage certificates the DNIe don't appears.
Can somebody test this with a DNIe?
It works for me with google rpm. I've had problems with chromium in certain distributions (fedora) but the result is a core dump. I have written an entry with the second case:
http://blogs.nologin.es/rickyepoderi/index.php?/archives/146-OpenSC-DNIe-may-not-work-in-chromechromium.html
http://blogs.nologin.es/rickyepoderi/index.php?/archives/146-OpenSC-DNIe-may-not-work-in-chromechromium.html
Hi,
I can't compile dnie-tester.
./configure --with-pkcs11=/home/mestres/DNI30/lib/opensc-pkcs11.so
mestres@tux ~/dnie-pkcs11-tester $ make
make all-am
make[1]: Entering directory '/home/mestres/dnie-pkcs11-tester'
gcc -DHAVE_CONFIG_H -I. -g -O2 -MT dnie-pkcs11-tester.o -MD -MP -MF .deps/dnie-pkcs11-tester.Tpo -c -o dnie-pkcs11-tester.o dnie-pkcs11-tester.c
dnie-pkcs11-tester.c:39:3: error: unknown type name ‘uint8_t’
uint8_t is_default;
^
dnie-pkcs11-tester.c:777:22: error: unknown type name ‘uint8_t’
void search_for_test(uint8_t* tests_run, char* name) {
^
dnie-pkcs11-tester.c: In function ‘main’:
dnie-pkcs11-tester.c:812:3: error: unknown type name ‘uint8_t’
uint8_t tests_run[sizeof(tests) / sizeof(dnie_test)];
^
dnie-pkcs11-tester.c:824:17: warning: implicit declaration of function ‘search_for_test’ [-Wimplicit-function-declaration]
case 't': search_for_test(tests_run, optarg); break;
^
dnie-pkcs11-tester.c: In function ‘request_password’:
dnie-pkcs11-tester.c:235:3: warning: ignoring return value of ‘fgets’, declared with attribute warn_unused_result [-Wunused-result]
fgets(password, password_len, stdin);
^
make[1]: ** [Makefile:386: dnie-pkcs11-tester.o] Error 1
make[1]: Leaving directory '/home/mestres/dnie-pkcs11-tester'
make: ** [Makefile:278: all] Error 2
gcc version 5.4.0 (Gentoo 5.4.0-r3 p1.3, pie-0.6.5)
I can't compile dnie-tester.
./configure --with-pkcs11=/home/mestres/DNI30/lib/opensc-pkcs11.so
mestres@tux ~/dnie-pkcs11-tester $ make
make all-am
make[1]: Entering directory '/home/mestres/dnie-pkcs11-tester'
gcc -DHAVE_CONFIG_H -I. -g -O2 -MT dnie-pkcs11-tester.o -MD -MP -MF .deps/dnie-pkcs11-tester.Tpo -c -o dnie-pkcs11-tester.o dnie-pkcs11-tester.c
dnie-pkcs11-tester.c:39:3: error: unknown type name ‘uint8_t’
uint8_t is_default;
^
dnie-pkcs11-tester.c:777:22: error: unknown type name ‘uint8_t’
void search_for_test(uint8_t* tests_run, char* name) {
^
dnie-pkcs11-tester.c: In function ‘main’:
dnie-pkcs11-tester.c:812:3: error: unknown type name ‘uint8_t’
uint8_t tests_run[sizeof(tests) / sizeof(dnie_test)];
^
dnie-pkcs11-tester.c:824:17: warning: implicit declaration of function ‘search_for_test’ [-Wimplicit-function-declaration]
case 't': search_for_test(tests_run, optarg); break;
^
dnie-pkcs11-tester.c: In function ‘request_password’:
dnie-pkcs11-tester.c:235:3: warning: ignoring return value of ‘fgets’, declared with attribute warn_unused_result [-Wunused-result]
fgets(password, password_len, stdin);
^
make[1]: ** [Makefile:386: dnie-pkcs11-tester.o] Error 1
make[1]: Leaving directory '/home/mestres/dnie-pkcs11-tester'
make: ** [Makefile:278: all] Error 2
gcc version 5.4.0 (Gentoo 5.4.0-r3 p1.3, pie-0.6.5)
I've changed the uint8_t for unsigned char. Try to compile it again.
Compiled
Now i have an error in the test
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester --all
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
......
.......
7.- 1965af0: CertFirmaDigital, public key
Found the signing public key
8.- 1966250: DG1, data object
9.- 19662b0: DG11, data object
10.- 19678a0: DG13, data object
11.- 1967900: DG2, data object
12.- 1967960: DG7, data object
13.- 1964c10: DG3, data object
14.- 1964c70: DG14, data object
15.- 1964cd0: EFCOM, data object
16.- 1967ad0: EFSOD, data object
Test list-objects executed OK
Starting test logout...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Session status: CKS_RW_PUBLIC_SESSION
Error in C_Login [CKR_GENERAL_ERROR]
Now i have an error in the test
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester --all
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
......
.......
7.- 1965af0: CertFirmaDigital, public key
Found the signing public key
8.- 1966250: DG1, data object
9.- 19662b0: DG11, data object
10.- 19678a0: DG13, data object
11.- 1967900: DG2, data object
12.- 1967960: DG7, data object
13.- 1964c10: DG3, data object
14.- 1964c70: DG14, data object
15.- 1964cd0: EFCOM, data object
16.- 1967ad0: EFSOD, data object
Test list-objects executed OK
Starting test logout...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Session status: CKS_RW_PUBLIC_SESSION
Error in C_Login [CKR_GENERAL_ERROR]
Yes, this is the new test for the issue #1036 which I just send as a PR this morning. You can execute tests one by one or several at the same time.
There are random errors in the tests. I can't reproduce them
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -t 7
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test auth-11...
Starting test_sign with KprivAutenticacion...
Signature 1 done successfully
Verification 1 done successfully
Signature 2 done successfully
Verification 2 done successfully
Signature 3 done successfully
Verification 3 done successfully
Signature 4 done successfully
Verification 4 done successfully
Signature 5 done successfully
Verification 5 done successfully
Signature 6 done successfully
Verification 6 done successfully
Signature 7 done successfully
Verification 7 done successfully
Error in C_Sign [CKR_USER_NOT_LOGGED_IN]
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -a
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test login...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Test login executed OK
Starting test list-objects...
Error in C_Login [CKR_GENERAL_ERROR]
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -t 7
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test auth-11...
Starting test_sign with KprivAutenticacion...
Signature 1 done successfully
Verification 1 done successfully
Signature 2 done successfully
Verification 2 done successfully
Signature 3 done successfully
Verification 3 done successfully
Signature 4 done successfully
Verification 4 done successfully
Signature 5 done successfully
Verification 5 done successfully
Signature 6 done successfully
Verification 6 done successfully
Signature 7 done successfully
Verification 7 done successfully
Error in C_Sign [CKR_USER_NOT_LOGGED_IN]
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -a
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test login...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Test login executed OK
Starting test list-objects...
Error in C_Login [CKR_GENERAL_ERROR]
The error appears randomly.
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -t 7
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test login...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Test login executed OK
Starting test auth-11...
Starting test_sign with KprivAutenticacion...
Signature 1 done successfully
Verification 1 done successfully
Signature 2 done successfully
Verification 2 done successfully
Signature 3 done successfully
Verification 3 done successfully
Signature 4 done successfully
Verification 4 done successfully
Signature 5 done successfully
Verification 5 done successfully
Signature 6 done successfully
Verification 6 done successfully
Signature 7 done successfully
Verification 7 done successfully
Signature 8 done successfully
Verification 8 done successfully
Error in C_Sign [CKR_USER_NOT_LOGGED_IN]
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -t 7
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test login...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Test login executed OK
Starting test auth-11...
Starting test_sign with KprivAutenticacion...
Signature 1 done successfully
Verification 1 done successfully
Signature 2 done successfully
Verification 2 done successfully
Signature 3 done successfully
Verification 3 done successfully
Signature 4 done successfully
Verification 4 done successfully
Signature 5 done successfully
Verification 5 done successfully
Signature 6 done successfully
Verification 6 done successfully
Signature 7 done successfully
Verification 7 done successfully
Signature 8 done successfully
Verification 8 done successfully
Signature 9 done successfully
Verification 9 done successfully
Signature 10 done successfully
Verification 10 done successfully
Signature 11 done successfully
Verification 11 done successfully
Test auth-11 executed OK
mestres@tux ~/dnie-pkcs11-tester $
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -t 7
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test login...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Test login executed OK
Starting test auth-11...
Starting test_sign with KprivAutenticacion...
Signature 1 done successfully
Verification 1 done successfully
Signature 2 done successfully
Verification 2 done successfully
Signature 3 done successfully
Verification 3 done successfully
Signature 4 done successfully
Verification 4 done successfully
Signature 5 done successfully
Verification 5 done successfully
Signature 6 done successfully
Verification 6 done successfully
Signature 7 done successfully
Verification 7 done successfully
Signature 8 done successfully
Verification 8 done successfully
Error in C_Sign [CKR_USER_NOT_LOGGED_IN]
mestres@tux ~/dnie-pkcs11-tester $ ./dnie-pkcs11-tester -t 7
password:
Starting test inserted...
Found 1 slots...
Found slot: 0 - "Alcor Micro AU9560 00 00 Generic "
" Found token: "PIN1 (DNI electrónico) DGP-FNMT PKCS#15 emulated020346740F1C19
Found DNIe at slot 0
Test inserted executed OK
Starting test login...
Session status: CKS_RW_PUBLIC_SESSION
Session status: CKS_RW_USER_FUNCTIONS
Test login executed OK
Starting test auth-11...
Starting test_sign with KprivAutenticacion...
Signature 1 done successfully
Verification 1 done successfully
Signature 2 done successfully
Verification 2 done successfully
Signature 3 done successfully
Verification 3 done successfully
Signature 4 done successfully
Verification 4 done successfully
Signature 5 done successfully
Verification 5 done successfully
Signature 6 done successfully
Verification 6 done successfully
Signature 7 done successfully
Verification 7 done successfully
Signature 8 done successfully
Verification 8 done successfully
Signature 9 done successfully
Verification 9 done successfully
Signature 10 done successfully
Verification 10 done successfully
Signature 11 done successfully
Verification 11 done successfully
Test auth-11 executed OK
mestres@tux ~/dnie-pkcs11-tester $
My DNIE version
mestres@tux ~/DNI30/bin $ ./dnie-tool -V
Using reader with a card: Alcor Micro AU9560 00 00
DNIe Version: DNIe 04.10 B5 H 0155 EXP 2-(5.1-6)
There are many versions of DNIe and do not always work the same.
Whoever designed this deserves a prize for incompetence. This is clearly demonstrated by your great work and the problems that you encounter when trying to make this "THING" called DNI works.
mestres@tux ~/DNI30/bin $ ./dnie-tool -V
Using reader with a card: Alcor Micro AU9560 00 00
DNIe Version: DNIe 04.10 B5 H 0155 EXP 2-(5.1-6)
There are many versions of DNIe and do not always work the same.
Whoever designed this deserves a prize for incompetence. This is clearly demonstrated by your great work and the problems that you encounter when trying to make this "THING" called DNI works.
Actualization.
Finally I have obtained a certificate from the FNMT using the DNI 3.0 with the master brand of Opensc in Firefox 52.1.0 (64 bits) and the plugin signTextJS 0.7.7.
Unfortunately the dnie doesn't work now in BBVA.NET with this version of Firefox (don't ask for the pin)
Finally I have obtained a certificate from the FNMT using the DNI 3.0 with the master brand of Opensc in Firefox 52.1.0 (64 bits) and the plugin signTextJS 0.7.7.
Unfortunately the dnie doesn't work now in BBVA.NET with this version of Firefox (don't ask for the pin)
Comments