Little PKCS#11 tester for the DNIe
C M4 Makefile
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore
AUTHORS
COPYING
ChangeLog
INSTALL
Makefile.am
NEWS
README
configure.ac
dnie-pkcs11-tester.c
pkcs11.h
pkcs11f.h
pkcs11t.h

README

# dnie-pkcs11-tester

This program is just a lttle PKCS#11 tester for the DNIe (Spanish eID). It is intended to be used with the pkcs11 library provided by Opensc.

The auto-tools can be used for compilng it.

    autoreconf -iv
    ./configure
    make

This creates a _dnie-pkcs11-tester_ in the current directory you can execute. If you need to use a custom openssl location (cryto library is used to show the certificates inside the card) you can specify it using the --with-ssl option.

    autoreconf -iv
    ./configure --with-ssl=/path/to/openssl
    make

If you want you can compile by yourself (maybe it is easier) just execute a command like this:

    gcc -I. dnie-pkcs11-tester.c -o dnie-pkcs11-tester -lcrypto -ldl

Now the tester uses _dlopen_ to access to the PKCS#11 library (previously it was linked to the library in a direct way). So the library to test should be passed as the only argument.

Finally the current status of the tests which are executed is the following:

  Usage: dnie-pkcs11-tester [OPTIONS] pkcs11-lib.so

  ARGUMENTS:
    pkcs11-lib.so: PKCS#11 library to test.

  OPTIONS:
    --test=TEST -t TEST: Executes the test TEST (order or name of the test).
      This parameter can be used several times (several tests are run).
    --all -a: All default tests are executed.
    --help -h: Prints this usage.

  TESTS:
     1.- name: login
         description: Login into the DNIe.
         default: yes
     2.- name: list-objects
         description: List all objects inside the DNIe.
         default: yes
     3.- name: logout
         description: Test for login, logout and login again.
         default: yes
     4.- name: signature
         description: Performs two sequential signatures with the sign key.
         default: yes
     5.- name: authentication
         description: Performs two sequential signatures with the auth key.
         default: yes
     6.- name: interference
         description: Executes two processes in a way that one steals the secure channel of the other after the login, some sleeps are used for that, this test is 60 seconds in length.
         default: yes
     7.- name: auth-11
         description: Executes 11 signatures with the auth key. OpenSC has a default pin cache of 10 uses, DNIe v3.0 needs more.
         default: no