rutoken + openvpn
Good afternoon!
I'm trying to hook up rutoken to openvpn. I'm using opensc 0.11.11+patches, openvpn 2.1 rc 20. I generated the client certificate + keys as a .p12 and loaded them onto the rutoken:
pkcs15-tool --list-pins
Using reader with a card: Aktiv Co. ruToken 0
PIN [Security Officer PIN]
Com. Flags: 0x3
ID : 01
Flags : [0x9B], case-sensitive, local, unblock-disabled, initialized, soPin
Length : min_len:8, max_len:16, stored_len:16
Pad char : 0xFF
Reference : 1
Type : ascii-numeric
Path : 3f005015
PIN [User PIN]
Com. Flags: 0x3
ID : 02
Flags : [0x1B], case-sensitive, local, unblock-disabled, initialized
Length : min_len:8, max_len:16, stored_len:16
Pad char : 0xFF
Reference : 2
Type : ascii-numeric
Path : 3f005015
pkcs15-init -S client-cert.p12 -f PKCS12 -a 02
C:\OpenSC\bin>pkcs15-tool -c
Using reader with a card: Aktiv Co. ruToken 0
X.509 Certificate [/C=RU/ST=RUSSIA/L=Moscow/O=XXX/OU=YYY/CN=X-5]
Flags : 2
Authority: no
Path : 3f0050150345
ID : 45
X.509 Certificate [/C=RU/ST=RUSSIA/L=Moscow/O=XXX/OU=YYY/CN=ZZZ]
Flags : 2
Authority: yes
Path : 3f0050150346
ID : 46
The key is there:
C:\OpenSC\bin>pkcs15-tool -k
Using reader with a card: Aktiv Co. ruToken 0
Private RSA Key [Private Key]
Com. Flags : 3
Usage : [0x10C], sign, signRecover, derive
Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 0
Native : yes
Path : 3f0050150145
Auth ID : 02
ID : 45
openvpn sees the certificate:
C:\OpenSC\bin>openvpn.exe --show-pkcs11-ids opensc-pkcs11.dll
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: /C=RU/ST=RUSSIA/L=Moscow/O=XXX/OU=YYY/CN=X-5
Serial: 07
Serialized id: Aktiv\x20Co\x2E/PKCS\x2315/42471127/Rutoken\x20S\x20x28User\x20PIN\x29/4
Accordingly, I added these options to the openvpn config:
pkcs11-providers opensc-pkcs11.dll
pkcs11-id 'Aktiv\x20Co\x2E/PKCS\x2315/42471127/Rutoken\x20S\x20\x28User\x20PIN\x29/45'
And this is where the confusion starts. The openvpn session log:
Thu Oct 29 22:37:07 2009 OpenVPN 2.1_rc20 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Oct 24 2009
Thu Oct 29 22:37:07 2009 PKCS#11: Adding PKCS#11 provider 'opensc-pkcs11.dll'
Thu Oct 29 22:37:11 2009 LZO compression initialized
Thu Oct 29 22:37:21 2009 VERIFY OK: depth=1, /C=RU/ST=RUSSIA/L=Moscow/O=XXX/OU=YYY/CN=ZZZ
Thu Oct 29 22:37:21 2009 VERIFY OK: nsCertType=SERVER
Thu Oct 29 22:37:21 2009 VERIFY KU OK
Thu Oct 29 22:37:21 2009 Validating certificate extended key usage
Thu Oct 29 22:37:21 2009 VERIFY EKU OK
Thu Oct 29 22:37:21 2009 VERIFY X509NAME OK: /C=RU/ST=RUSSIA/L=Moscow/O=XXX/OU=YYY/CN=S1
Thu Oct 29 22:37:21 2009 VERIFY OK: depth=0, /C=RU/ST=RUSSIA/L=Moscow/O=XXX/OU=YYY/CN=S1
Enter Rutoken S (User PIN) token Password:
[opensc-pkcs11] card-rutoken.c:223:rutoken_check_sw: File (DO) not found
[opensc-pkcs11] card-rutoken.c:422:rutoken_select_file: : File not found
[opensc-pkcs11] card-rutoken.c:1268:extract_key: returning with: File not found
[opensc-pkcs11] card-rutoken.c:1339:cipher_ext: returning with: File not found
[opensc-pkcs11] card-rutoken.c:1390:rutoken_compute_signature: returning with: File not found
[opensc-pkcs11] sec.c:53:sc_compute_signature: returning with: File not found
[opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature: sc_compute_signature() failed: File not found
What is it that can't be found?
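
A consistency check for the setup in the post above, added here as an example and not part of the original post or of OpenVPN/OpenSC: it decodes the \xNN escapes in the pkcs11-id value and compares its last field with the ID that pkcs15-tool -k reports for the private key. The five field names and the helper names are assumptions of this example; the sample input is copied from the post.

```python
import re

# Constructed from the post: the pkcs11-id value from the OpenVPN config and
# an excerpt of the private-key listing printed by `pkcs15-tool -k`.
CONFIG_ID = r"Aktiv\x20Co\x2E/PKCS\x2315/42471127/Rutoken\x20S\x20\x28User\x20PIN\x29/45"
KEY_LISTING = """\
Private RSA Key [Private Key]
Com. Flags : 3
Usage : [0x10C], sign, signRecover, derive
Key ref : 0
Path : 3f0050150145
Auth ID : 02
ID : 45
"""

# Field names are this example's assumption, inferred from the values on the page.
FIELDS = ("manufacturer", "model", "serial", "label", "object_id")

def unescape(field):
    """Turn \\xNN escapes back into the characters they stand for."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def parse_serialized_id(value):
    """Split a serialized id on '/' and decode each field."""
    parts = value.split("/")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} '/'-separated fields, got {len(parts)}")
    return dict(zip(FIELDS, (unescape(p) for p in parts)))

def parse_listing(text):
    """Parse the 'Name : value' lines of one pkcs15-tool object into a dict."""
    obj = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            obj[name.strip()] = value.strip()
    return obj

def check(config_id, key_listing):
    """Compare the id configured for OpenVPN with the key object on the token."""
    sid = parse_serialized_id(config_id)
    key = parse_listing(key_listing)
    return {
        "label": sid["label"],
        "id_matches_key": sid["object_id"].lower() == key["ID"].lower(),
        "key_can_sign": "sign" in [u.strip() for u in key["Usage"].split(",")],
        "key_auth_id": key["Auth ID"],
    }

if __name__ == "__main__":
    for name, value in check(CONFIG_ID, KEY_LISTING).items():
        print(f"{name}: {value}")
```

For the values in the post, the last field of the configured id and the key ID agree (both 45), and the key's Auth ID 02 is the User PIN listed by pkcs15-tool --list-pins.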