
Re: [Qemu-discuss] Virtual ccid is empty


From: Jan Schermer
Subject: Re: [Qemu-discuss] Virtual ccid is empty
Date: Thu, 7 Sep 2017 14:58:49 +0200

Too bad, was hoping that was it…

Please post your results if you get it working. I gave up in the end and plan 
to just pass-through real smartcards (also I need more than 1 which qemu can’t 
do). Also seems like not many people use it, so not a wise thing to use in 
production…

Jan


> On 7 Sep 2017, at 14:55, Anton Gerasimov <address@hidden> wrote:
> 
> Yes, absolutely. It is shown as sqlite database by file utility, can be
> opened and browsed with sqlite3. And the file names (cert9.db and
> key4.db) are what is expected with new DB format (older ones are
> cert8.db and key3.db) and according to strace qemu reads exactly these
> files. I've also tried the trick with setting NSS_DEFAULT_DB_TYPE to
> 'sql' just in case, didn't help unfortunately.
> 
> Anton
> 
> On 09/07/2017 02:48 PM, Jan Schermer wrote:
>> That might be true, but is the database actually sqlite? I think what you’re 
>> seeing is exactly what I described. Those files might be optional, but I’d 
>> bet they should be there when you just worked with that database… :)
>> So maybe it’s the other way around and you need to set 
>> NSS_DEFAULT_DB_TYPE=sql when creating the nssdb.
>> 
>> 
>> Jan
>> 
>> 
>>> On 7 Sep 2017, at 14:28, Anton Gerasimov <address@hidden> wrote:
>>> 
>>> Thank you for the idea. Unfortunately it seems it is not the case. The
>>> only quirk I can see with strace is that qemu constantly tries to access
>>> '*.db-journal' and '*.db-wal' files which are not present in my case.
>>> But they are optional according to my understanding of how sqlite works.
>>> 
>>> On 09/07/2017 12:08 PM, Jan Schermer wrote:
>>>> Just a wild guess - I played with this shortly a year ago. There are two 
>>>> formats of NSS database and there’s a mismatch between what qemu supports 
>>>> and what my Ubuntu certutil defaults to.
>>>> 
>>>> I had to set NSS_DEFAULT_DB_TYPE="sql" (I think?) to make qemu use the new 
>>>> format... or the other way around.
>>>> 
>>>> There was no error emitted, but when I straced it it was looking for files 
>>>> that aren’t there, that’s how I found out.
>>>> 
>>>> Jan
>>>> 
>>>> 
>>>>> On 7 Sep 2017, at 10:42, Anton Gerasimov <address@hidden> wrote:
>>>>> 
>>>>> Greetings,
>>>>> 
>>>>> I'm trying to emulate a USB HSM in Qemu. I was following the
>>>>> documentation for emulated ccid [1] (point 4), but instead of importing
>>>>> certificates in the host I'm just connecting to the virtual card using
>>>>> pcsc-lite and OpenSC. The virtual reader itself can be found, but for
>>>>> some reason there is no card inserted:
>>>>> 
>>>>> address@hidden:~# lsusb
>>>>> Bus 001 Device 004: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
>>>>> Bus 001 Device 003: ID 0409:55aa NEC Corp. Hub
>>>>> Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
>>>>> Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
>>>>> 
>>>>> address@hidden:~# pkcs11-tool --list-slots
>>>>> Available slots:
>>>>> Slot 0 (0x0): Generic CCID Reader [CCID Interface] (1-0000:00:01.2-2.1) 00 00
>>>>>   (empty)
>>>>> 
>>>>> address@hidden:~# pkcs11-tool --list-token-slots
>>>>> Available slots:
>>>>> No slots.
>>>>> 
>>>>> On the host machine there is an nss database and all the certificates
>>>>> are there:
>>>>> 
>>>>> $ certutil -L -d sql:fake-smartcard/
>>>>> 
>>>>> Certificate Nickname                                         Trust Attributes
>>>>>                                                              SSL,S/MIME,JAR/XPI
>>>>> 
>>>>> fake-smartcard-ca                                            CTu,Cu,Cu
>>>>> id-cert                                                      u,u,u
>>>>> signing-cert                                                 u,u,u
>>>>> encryption-cert                                              u,u,u
>>>>> 
>>>>> Qemu command line is:
>>>>> 
>>>>> qemu-system-x86_64 -drive
>>>>> file=/path/to/image.img,if=ide,format=raw,snapshot=on -m 1G -usb
>>>>> -usbdevice tablet -show-cursor -vga std -usb -device usb-ccid -device
>>>>> ccid-card-emulated,backend=certificates,db=sql:/home/anton/fake-smartcard,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert
>>>>> 
>>>>> What can I be doing wrong?
>>>>> 
>>>>> Thanks,
>>>>> Anton Gerasimov
>>>>> 
>>>>> [1] https://github.com/qemu/qemu/blob/master/docs/ccid.txt
>>>>> 
>>>>> -- 
>>>>> Anton Gerasimov, ATS Advanced Telematic Systems GmbH
>>>>> Kantstrasse 162, 10623 Berlin
>>>>> Managing Directors: Dirk Pöschl, Armin G. Schmidt
>>>>> Register Court: HRB 151501 B, Amtsgericht Charlottenburg
>>>>> 
> 
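
An added example, not part of the original thread and not QEMU or NSS code: a check of which NSS database format a directory actually holds, based on the file names mentioned in the thread (cert9.db/key4.db for the SQLite format, cert8.db/key3.db for the older one) and on the SQLite file header. The function names and the sample directory are constructed for illustration.

```python
import os
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any SQLite 3 file
NEW_FILES = ("cert9.db", "key4.db")     # SQLite-format NSS database ("sql:")
OLD_FILES = ("cert8.db", "key3.db")     # older NSS database format ("dbm:")


def is_sqlite(path):
    """Return True if the file starts with the SQLite 3 header."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def inspect_nssdb(directory):
    """Classify an NSS database directory as 'sql', 'dbm', 'mixed' or 'none'
    and list findings to resolve before passing it to qemu as db=..."""
    present = set(os.listdir(directory))
    problems = []
    for group in (NEW_FILES, OLD_FILES):
        found = [f for f in group if f in present]
        if found and len(found) < len(group):
            problems.append("incomplete pair: only %s present" % found[0])
    for name in NEW_FILES:
        if name in present and not is_sqlite(os.path.join(directory, name)):
            problems.append("%s does not have a SQLite header" % name)
    has_new = all(f in present for f in NEW_FILES)
    has_old = all(f in present for f in OLD_FILES)
    if has_new and has_old:
        fmt = "mixed"
        problems.append("both formats present; prefix or NSS_DEFAULT_DB_TYPE decides")
    elif has_new:
        fmt = "sql"
    elif has_old:
        fmt = "dbm"
    else:
        fmt = "none"
    return {"format": fmt, "problems": problems}


def make_sample(files):
    """Build a constructed sample directory: {file name: leading bytes}."""
    directory = tempfile.mkdtemp(prefix="nssdb-sample-")
    for name, content in files.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(content)
    return directory


if __name__ == "__main__":
    sample = make_sample({"cert9.db": SQLITE_MAGIC, "key4.db": SQLITE_MAGIC})
    print(inspect_nssdb(sample))
```

A result of `sql` with no problems only confirms that the files match the `sql:` prefix; it does not show that the certificate nicknames given to `ccid-card-emulated` resolve.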



