SEC_ERROR_IO erhalten, wenn authentifiziert sich mit PKCS11 -Token authentifiziert? ⇐ C++

[Guest]

Ich schreibe eine Demo, um ein Schlüsselpaar im TPM-Gerät auf Linux (Ubuntu) von NSS und PKCS#11 zu generieren und zu speichern. NSSDB, wie: < /p>

Code: Select all

time@PF2CMPHV:~$ modutil -list -dbdir sql:/home/time/.time/nssdb

Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.98
slots: 2 slots attached
status: loaded

slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

2. TPM2_PKCS11
library name: /usr/local/lib/libtpm2_pkcs11.so
uri: pkcs11:library-manufacturer=tpm2-software.github.io;library-description=TPM2.0%20Cryptoki;library-version=1.9
slots: 3 slots attached
status: loaded

slot: time.test
token: time.test
uri: pkcs11:token=time.test;manufacturer=Intel;serial=0000000000000000;model=Intel

slot: time.test.token
token: time.test.token
uri: pkcs11:token=time.test.token;manufacturer=Intel;serial=0000000000000000;model=Intel

slot:
token:
uri: pkcs11:manufacturer=Intel;serial=0000000000000000;model=Intel
< /code>
Ich liste außerdem die verfügbaren Slots von PKCS11-Tool < /p>
 auf ">time@PF2CMPHV:~$ pkcs11-tool --module /usr/local/lib/libtpm2_pkcs11.so --list-slots
Available slots:
Slot 0 (0x1): time.test
token label        : time.test
token manufacturer : Intel
token model        : Intel
token flags        : login required, rng, token initialized, PIN initialized
hardware version   : 1.38
firmware version   : 244.14
serial num         : 0000000000000000
pin min/max        : 0/128
Slot 1 (0x2): time.test.token
token label        : time.test.token
token manufacturer : Intel
token model        : Intel
token flags        : login required, rng, token initialized, PIN initialized
hardware version   : 1.38
firmware version   : 244.14
serial num         : 0000000000000000
pin min/max        : 0/128
Slot 2 (0x3):
token state:   uninitialized
< /code>
Ich habe den Stift des Tokens initialisiert.  Dann versuche ich, dieses Token zu bekommen und mich mit Code anzumelden: < /p>
static const char db_dir[] = "sql:/home/time/.time/nssdb";

int InitNSSDatabase() {
SECStatus rv = NSS_Init(db_dir);
if (rv != SECSuccess) {
std::cout