Closed hiviah closed 7 years ago
Importing PEM files containing multiple objects isn't supported. You can import the two files separately.
Edit: To clarify what is happening: Only the first object is being imported (the cert), so there is no key in the slot, and thus it is not usable.
OK I can confirm this. If I split them and import twice, it works.
Also, if the certificate contains some extra text outside the ---BEGIN CERTIFICATE--- and ---END CERTIFICATE---, it may fail with "Certificate is to large to fit in buffer."
So it basically seems that PIV manager needs to do some sanity checks on the files before importing them.
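The kind of pre-import sanity check suggested above could look like the following. This is an added example, not code from this thread or from PIV Manager; the function names and the sample file are constructed for illustration.

```python
import re

# PEM boundaries per RFC 7468: five dashes, BEGIN/END, a label, five dashes.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Return (blocks, stray): blocks is a list of (label, pem_text) and
    stray holds the non-blank lines found outside any BEGIN/END pair."""
    blocks, stray, pos = [], [], 0
    for m in PEM_BLOCK.finditer(text):
        stray += [ln for ln in text[pos:m.start()].splitlines() if ln.strip()]
        blocks.append((m.group(1), m.group(0) + "\n"))
        pos = m.end()
    stray += [ln for ln in text[pos:].splitlines() if ln.strip()]
    return blocks, stray

def preflight(text):
    """Report what a file contains and why an importer might choke on it."""
    blocks, stray = inspect_pem(text)
    labels = [label for label, _ in blocks]
    problems = []
    if not blocks:
        problems.append("no PEM objects found")
    if stray:
        problems.append(f"{len(stray)} line(s) of text outside PEM markers")
    if labels.count("CERTIFICATE") > 1:
        problems.append("more than one certificate")
    if sum(lb.endswith("PRIVATE KEY") for lb in labels) > 1:
        problems.append("more than one private key")
    return labels, problems

def split_objects(text):
    """Return one clean PEM string per object, for importing separately."""
    return [pem for _, pem in inspect_pem(text)[0]]

# Constructed sample: placeholder bodies, not a real certificate or key.
SAMPLE = """Bag Attributes
    friendlyName: client
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(preflight(SAMPLE))
```

Each string returned by `split_objects` carries a single object with no surrounding text, which matches the "import the two files separately" workaround described earlier in the thread.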
Support for PEM files including both a certificate and a private key is now added, and will be included in the next release.
Importing PEM files containing cert + priv key is working. But importing PFX is not working. I used xca and I used Microsoft certificate manager, no way. PEM with key and no password: yes
Let's have three key files: 2048-bit private key, client certificate and CA certificate: client.key, client.crt, aca.crt. Let's import it into slot 9c. This makes an unusable key:
cat client.crt client.key > cert_key.pem
pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -t -l -p MYPIN
- it fails (I got CKR_DATA_INVALID as error)
Importing the same cert/key pair as PKCS#12 works though: