qemu-discuss

Re: [Qemu-discuss] Virtual ccid is empty


From: Anton Gerasimov
Subject: Re: [Qemu-discuss] Virtual ccid is empty
Date: Thu, 7 Sep 2017 14:55:43 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

Yes, absolutely. It is shown as an sqlite database by the file utility and
can be opened and browsed with sqlite3. And the file names (cert9.db and
key4.db) are what is expected with the new DB format (older ones are
cert8.db and key3.db), and according to strace qemu reads exactly these
files. I've also tried the trick with setting NSS_DEFAULT_DB_TYPE to
'sql' just in case; it didn't help, unfortunately.

Anton

On 09/07/2017 02:48 PM, Jan Schermer wrote:
> That might be true, but is the database actually sqlite? I think what you’re 
> seeing is exactly what I described. Those files might be optional, but I’d 
> bet they should be there when you just worked with that database… :)
> So maybe it’s the other way around and you need to set 
> NSS_DEFAULT_DB_TYPE=sql when creating the nssdb.
>
>
> Jan
>
>
>> On 7 Sep 2017, at 14:28, Anton Gerasimov <address@hidden> wrote:
>>
>> Thank you for the idea. Unfortunately it seems it is not the case. The
>> only quirk I can see with strace is that qemu constantly tries to access
>> '*.db-journal' and '*.db-wal' files which are not present in my case.
>> But they are optional according to my understanding of how sqlite works.
>>
>> On 09/07/2017 12:08 PM, Jan Schermer wrote:
>>> Just a wild guess - I played with this shortly a year ago. There are two 
>>> formats of NSS database and there’s a mismatch between what qemu supports 
>>> and what my Ubuntu certutil defaults to.
>>>
>>> I had to set NSS_DEFAULT_DB_TYPE="sql" (I think?) to make qemu use the new 
>>> format... or the other way around.
>>>
>>> There was no error emitted, but when I straced it it was looking for files 
>>> that aren’t there, that’s how I found out.
>>>
>>> Jan
>>>
>>>
>>>> On 7 Sep 2017, at 10:42, Anton Gerasimov <address@hidden> wrote:
>>>>
>>>> Greetings,
>>>>
>>>> I'm trying to emulate a USB HSM in Qemu. I was following the
>>>> documentation for emulated ccid [1] (point 4), but instead of importing
>>>> certificates in the host I'm just connecting to the virtual card using
>>>> pcsc-lite and OpenSC. The virtual reader itself can be found, but for
>>>> some reason there is no card inserted:
>>>>
>>>>  address@hidden:~# lsusb
>>>>  Bus 001 Device 004: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
>>>>  Bus 001 Device 003: ID 0409:55aa NEC Corp. Hub
>>>>  Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
>>>>  Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
>>>>
>>>>  address@hidden:~# pkcs11-tool --list-slots
>>>>  Available slots:
>>>>  Slot 0 (0x0): Generic CCID Reader [CCID Interface] (1-0000:00:01.2-2.1) 00 00
>>>>    (empty)
>>>>
>>>>  address@hidden:~# pkcs11-tool --list-token-slots
>>>>  Available slots:
>>>>  No slots.
>>>>
>>>> On the host machine there is an nss database and all the certificates
>>>> are there:
>>>>
>>>>  $ certutil -L -d sql:fake-smartcard/
>>>>
>>>>  Certificate Nickname                                         Trust Attributes
>>>>                                                               SSL,S/MIME,JAR/XPI
>>>>
>>>>  fake-smartcard-ca                                            CTu,Cu,Cu
>>>>  id-cert                                                      u,u,u
>>>>  signing-cert                                                 u,u,u
>>>>  encryption-cert                                              u,u,u
>>>>
>>>> Qemu command line is:
>>>>
>>>>  qemu-system-x86_64 -drive
>>>> file=/path/to/image.img,if=ide,format=raw,snapshot=on -m 1G -usb
>>>> -usbdevice tablet -show-cursor -vga std -usb -device usb-ccid -device
>>>> ccid-card-emulated,backend=certificates,db=sql:/home/anton/fake-smartcard,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert
>>>>
>>>> What can I be doing wrong?
>>>>
>>>> Thanks,
>>>> Anton Gerasimov
>>>>
>>>> [1] https://github.com/qemu/qemu/blob/master/docs/ccid.txt
>>>>
>>>> -- 
>>>> Anton Gerasimov, ATS Advanced Telematic Systems GmbH
>>>> Kantstrasse 162, 10623 Berlin
>>>> Managing Directors: Dirk Pöschl, Armin G. Schmidt
>>>> Register Court: HRB 151501 B, Amtsgericht Charlottenburg
>>>>
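
The two checks discussed in this thread (which database file names exist, and whether they really are SQLite files) can be scripted as below. This is an added example, not part of the original messages; the function names `is_sqlite`, `nssdb_format` and `nssdb_check` are hypothetical, and the only inputs assumed are the file names and the `sql:` prefix quoted in the thread plus the legacy `dbm:` prefix.

```shell
#!/bin/sh
# Added example: classify an NSS database directory by its on-disk format and
# compare it with the prefix given in a db= value such as sql:/path/to/dir.
# File names are the ones named in the thread:
#   cert9.db + key4.db  -> new SQLite format ("sql:")
#   cert8.db + key3.db  -> older format ("dbm:")

# is_sqlite FILE: true if FILE begins with the SQLite 3 header string.
is_sqlite() {
    [ -r "$1" ] || return 1
    [ "$(head -c 15 "$1" | tr -d '\000')" = "SQLite format 3" ]
}

# nssdb_format DIR: prints sql, dbm, both or none.
nssdb_format() {
    dir=$1 sql=no dbm=no
    if is_sqlite "$dir/cert9.db" && is_sqlite "$dir/key4.db"; then sql=yes; fi
    if [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then dbm=yes; fi
    case "$sql$dbm" in
        yesyes) echo both ;;
        yesno)  echo sql ;;
        noyes)  echo dbm ;;
        *)      echo none ;;
    esac
}

# nssdb_check SPEC: returns 0 if the prefix in SPEC matches what is on disk,
# 1 on a mismatch, 2 if SPEC has no prefix (the format is then picked by the
# NSS default, which NSS_DEFAULT_DB_TYPE influences).
nssdb_check() {
    spec=$1
    case "$spec" in
        sql:*) want=sql; path=${spec#sql:} ;;
        dbm:*) want=dbm; path=${spec#dbm:} ;;
        *)     want=unspecified; path=$spec ;;
    esac
    have=$(nssdb_format "$path")
    echo "requested=$want found=$have path=$path"
    [ "$want" != unspecified ] || return 2
    [ "$have" = "$want" ] || [ "$have" = both ]
}

# Stand-alone use: sh nssdb-check.sh sql:/path/to/nssdb
if [ $# -gt 0 ]; then nssdb_check "$1"; fi
```

A matching format only rules out the mismatch Jan describes; as Anton reports, the reader can still show no card when the files are valid SQLite.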
