1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
#! /usr/bin/env tclsh
lappend auto_path [file join [pwd] work lib]
set pkcs11_module "/usr/local/lib/libcackey_g.so"
load tclpkcs11.so Tclpkcs11
set handle [::pki::pkcs11::loadmodule $pkcs11_module]
puts "Handle: $handle"
set slots [::pki::pkcs11::listslots $handle]
puts "Slots: $slots"
foreach slotinfo $slots {
set slotid [lindex $slotinfo 0]
set slotlabel [lindex $slotinfo 1]
set slotflags [lindex $slotinfo 2]
if {[lsearch -exact $slotflags TOKEN_PRESENT] != -1} {
set token_slotlabel $slotlabel
set token_slotid $slotid
}
}
if {![info exists token_slotid]} {
puts stderr "Found no slots with tokens, aborting."
exit 1
}
set certs [::pki::pkcs11::listcerts $handle $token_slotid]
puts "Found [llength $certs] certificates"
set orig "TestMsg"
foreach certinfo $certs {
puts "Cert: $certinfo"
set cipher [pki::encrypt -binary -pub $orig $certinfo]
if {[catch {
set plain [pki::decrypt -binary -priv $cipher $certinfo]
} err]} {
if {$err == "PKCS11_ERROR USER_NOT_LOGGED_IN"} {
# Login and try it again...
puts -nonewline " *** ENTER PIN: "
flush stdout
gets stdin password
::pki::pkcs11::login $handle $token_slotid $password
set plain [pki::decrypt -binary -priv $cipher $certinfo]
}
}
if {$plain != $orig} {
puts "Decryption error! Expected \"$orig\", got \"$plain\""
exit
}
set cipher [pki::encrypt -binary -priv $orig $certinfo]
set plain [pki::decrypt -binary -pub $cipher $certinfo]
puts "Got Match!"
}
::pki::pkcs11::unloadmodule $handle
|
|
|
|
|
>
|
>
>
|
|
|
|
|
|
|
|
>
>
|
>
>
|
>
|
>
>
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
#! /usr/bin/env tclsh
lappend auto_path [file join [pwd] work lib]
set pkcs11_module "/usr/local/lib/libcackey.so"
load tclpkcs11.so Tclpkcs11
set handle [pki::pkcs11::loadmodule $pkcs11_module]
puts "Handle: $handle"
set slots [pki::pkcs11::listslots $handle]
puts "Slots: $slots"
foreach slotinfo $slots {
set slotid [lindex $slotinfo 0]
set slotlabel [lindex $slotinfo 1]
set slotflags [lindex $slotinfo 2]
if {[lsearch -exact $slotflags TOKEN_PRESENT] != -1} {
set token_slotlabel $slotlabel
set token_slotid $slotid
}
}
if {![info exists token_slotid]} {
puts stderr "Found no slots with tokens, aborting."
exit 1
}
set certs [pki::pkcs11::listcerts $handle $token_slotid]
puts "Found [llength $certs] certificates"
set orig "TestMsg"
foreach certinfo_list $certs {
unset -nocomplain certinfo
array set certinfo $certinfo_list
puts "Cert: $certinfo(pkcs11_label) / $certinfo(subject)"
set cipher [pki::encrypt -binary -pub $orig $certinfo_list]
if {[catch {
set plain [pki::decrypt -binary -priv $cipher $certinfo_list]
} err]} {
if {$err == "PKCS11_ERROR USER_NOT_LOGGED_IN"} {
# Login and try it again...
puts -nonewline " *** ENTER PIN: "
flush stdout
gets stdin password
pki::pkcs11::login $handle $token_slotid $password
set plain [pki::decrypt -binary -priv $cipher $certinfo_list]
}
}
if {$plain != $orig} {
puts "Decryption error! Expected \"$orig\", got \"$plain\""
exit 1
}
set cipher [pki::encrypt -binary -priv $orig $certinfo_list]
set plain [pki::decrypt -binary -pub $cipher $certinfo_list]
set sig [pki::sign $orig $certinfo_list]
set verify [pki::verify $sig $orig $certinfo_list]
if {!$verify} {
puts "Signature verification error!"
exit 1
}
}
pki::pkcs11::unloadmodule $handle
|