qemu-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-discuss] Virtual ccid is empty

From: Anton Gerasimov
Subject: [Qemu-discuss] Virtual ccid is empty
Date: Thu, 7 Sep 2017 10:42:12 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 
Greetings,

I'm trying to emulate a USB HSM in Qemu. I was following the
documentation for emulated ccid [1](point 4), but instead of importing
certificates in the host I'm just connecting to the virtual card using
pcsc-lite and OpenSC. The virtual reader itself can be found, but for
some reason there is no card inserted:

  address@hidden:~# lsusb
  Bus 001 Device 004: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
  Bus 001 Device 003: ID 0409:55aa NEC Corp. Hub
  Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
  Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

  address@hidden:~# pkcs11-tool --list-slots
  Available slots:
  Slot 0 (0x0): Generic CCID Reader [CCID Interface]
(1-0000:00:01.2-2.1) 00 00
    (empty)

  address@hidden:~# pkcs11-tool --list-token-slots
  Available slots:
  No slots.

On the host machine there is an nss database and all the certificates
are there:

  $ certutil -L -d sql:fake-smartcard/

  Certificate Nickname                                         Trust
Attributes
                                                            
SSL,S/MIME,JAR/XPI

  fake-smartcard-ca                                            CTu,Cu,Cu
  id-cert                                                               
u,u,u
  signing-cert                                                        u,u,u
  encryption-cert                                                  u,u,u

Qemu command line is:

  qemu-system-x86_64 -drive
file=/path/to/image.img,if=ide,format=raw,snapshot=on -m 1G -usb
-usbdevice tablet -show-cursor -vga std -usb -device usb-ccid -device
ccid-card-emulated,backend=certificates,db=sql:/home/anton/fake-smartcard,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert

What can I be doing wrong?

Thanks,
Anton Gerasimov

[1] https://github.com/qemu/qemu/blob/master/docs/ccid.txt

-- 
Anton Gerasimov, ATS Advanced Telematic Systems GmbH
Kantstrasse 162, 10623 Berlin
Managing Directors: Dirk Pöschl, Armin G. Schmidt
Register Court: HRB 151501 B, Amtsgericht Charlottenburg
reply via email to
[Prev in Thread] Current Thread [Next in Thread]