Little PKCS#11 tester for the DNIe
C M4 Makefile
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


# dnie-pkcs11-tester

This program is just a lttle PKCS#11 tester for the DNIe (Spanish eID). It is intended to be used with the pkcs11 library provided by Opensc.

The auto-tools can be used for compilng it.

    autoreconf -iv

This creates a _dnie-pkcs11-tester_ in the current directory you can execute. If you need to use a custom openssl location (cryto library is used to show the certificates inside the card) you can specify it using the --with-ssl option.

    autoreconf -iv
    ./configure --with-ssl=/path/to/openssl

If you want you can compile by yourself (maybe it is easier) just execute a command like this:

    gcc -I. dnie-pkcs11-tester.c -o dnie-pkcs11-tester -lcrypto -ldl

Now the tester uses _dlopen_ to access to the PKCS#11 library (previously it was linked to the library in a direct way). So the library to test should be passed as the only argument.

Finally the current status of the tests which are executed is the following:

  Usage: dnie-pkcs11-tester [OPTIONS]

  ARGUMENTS: PKCS#11 library to test.

    --test=TEST -t TEST: Executes the test TEST (order or name of the test).
      This parameter can be used several times (several tests are run).
    --all -a: All default tests are executed.
    --help -h: Prints this usage.

     1.- name: login
         description: Login into the DNIe.
         default: yes
     2.- name: list-objects
         description: List all objects inside the DNIe.
         default: yes
     3.- name: logout
         description: Test for login, logout and login again.
         default: yes
     4.- name: signature
         description: Performs two sequential signatures with the sign key.
         default: yes
     5.- name: authentication
         description: Performs two sequential signatures with the auth key.
         default: yes
     6.- name: interference
         description: Executes two processes in a way that one steals the secure channel of the other after the login, some sleeps are used for that, this test is 60 seconds in length.
         default: yes
     7.- name: auth-11
         description: Executes 11 signatures with the auth key. OpenSC has a default pin cache of 10 uses, DNIe v3.0 needs more.
         default: no