Please see my inline responses.
Martin Schneider wrote:
Hello Subrata and others
Thanks for your reply. Unfortunately this doesn't work for me.
Here is a bash shell-script that I have used to start the Opencryptoki
PKCS#11 driver :
# BIOS Set up
# Step 1. Turn the computer off.
# Step 2. Turn the computer on and press F1 to enter the BIOS setup menu.
# Step 3. From the Security menu, locate the option to clear the
security device.
# Sometimes it is referred to as the TPM or TCG feature.
# Step 4. Save and exit the BIOS setup menu.
# Step 5. Restart
Didn't you take ownership of the TPM?
Yes, I did. The script was in another file and I forgot to post it :
# Source:
https://www.grounation.org/index.php?2008/07/04/8-how-to-use-a=tpm-with-linux
# Please make sure that Trousers daemon (tcsd) is running - use 'tcsd
-f' to run it.
# Take ownership of the TPM by initializing the owner and the Storage
Root Key (SRK) password
# This operation may take a while.
tpm_takeownership
# Create the Public Endorsement Key - which is a RSA key-pair
tpm_createek
# Display the Public Endorsement key
tpm_getpubek
I use tpm_tools package in Ubuntu which already comes with
opencryptoki. The pkcsslotd is running, too
# Test the PKCS-slot (in su mode)
pkcsconf -i # for info
pkcsconf -t # for token-info
pkcsconf -s # for slot-info
All these commands seem to work and output reasonable text
# Initialize the token
pkcsconf -I -c 0 # Initalize the slot zero (0)
# Provide SO password (default is 87654321)
# Must Modify the user PIN for slot 0
pkcsconf -u -c 0 # Initalize the user PIN for slot zero (0)
Also this worked.
# load the opencryptoki library in the firefox browser using the
# Security device dialog window.
# Name: OpenCryptoki
# Library: /usr/local/lib/opencryptoki/libopencryptoki.so.0
Only when I try to go the last step, things go wrong. Firefox crashes
immediately without importing the library. When I start FF from
command line, the only error description I can get is "Segmentation
Fault".
I am not sure why it is not working for you. I used Firefox 3 on Fedora 8.
I found that Firefox which is part of Ubuntu distribution has some
binary incompatibilities for Mozilla-NSS.
I would suggest that you download Firefox directly from Mozilla site and
try to load the opencryptoki PKCS#11 module again.
You can also try the command line certutil to see if the PKCS#11 module
is working - use the browser's profile directory for -d option.
I also tried to use tpmtoken_init for pkcsconf -I -c 0 + pkcsconf -u -
c 0 (tpmtoken_init seems to be only a wrapper for pkcsconf) but the
result is the same, when I want to load opencryptoki into FF.
Has anybody a suggestion?
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
