Re: [Qemu-discuss] Virtual ccid is empty
From: Jan Schermer
Subject: Re: [Qemu-discuss] Virtual ccid is empty
Date: Thu, 7 Sep 2017 12:08:23 +0200

Just a wild guess - I played with this shortly a year ago. There are two
formats of NSS database and there’s a mismatch between what qemu supports and
what my Ubuntu certutil defaults to.
I had to set NSS_DEFAULT_DB_TYPE="sql" (I think?) to make qemu use the new
format... or the other way around.
There was no error emitted, but when I straced it it was looking for files that
aren’t there, that’s how I found out.
Jan
> On 7 Sep 2017, at 10:42, Anton Gerasimov <address@hidden> wrote:
>
> Greetings,
>
> I'm trying to emulate a USB HSM in Qemu. I was following the
> documentation for emulated ccid [1] (point 4), but instead of importing
> certificates in the host I'm just connecting to the virtual card using
> pcsc-lite and OpenSC. The virtual reader itself can be found, but for
> some reason there is no card inserted:
>
> address@hidden:~# lsusb
> Bus 001 Device 004: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
> Bus 001 Device 003: ID 0409:55aa NEC Corp. Hub
> Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
> Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
>
> address@hidden:~# pkcs11-tool --list-slots
> Available slots:
> Slot 0 (0x0): Generic CCID Reader [CCID Interface]
> (1-0000:00:01.2-2.1) 00 00
> (empty)
>
> address@hidden:~# pkcs11-tool --list-token-slots
> Available slots:
> No slots.
>
> On the host machine there is an nss database and all the certificates
> are there:
>
> $ certutil -L -d sql:fake-smartcard/
>
> Certificate Nickname                          Trust Attributes
>                                               SSL,S/MIME,JAR/XPI
>
> fake-smartcard-ca                             CTu,Cu,Cu
> id-cert                                       u,u,u
> signing-cert                                  u,u,u
> encryption-cert                               u,u,u
>
> Qemu command line is:
>
> qemu-system-x86_64 -drive
> file=/path/to/image.img,if=ide,format=raw,snapshot=on -m 1G -usb
> -usbdevice tablet -show-cursor -vga std -usb -device usb-ccid -device
> ccid-card-emulated,backend=certificates,db=sql:/home/anton/fake-smartcard,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert
>
> What can I be doing wrong?
>
> Thanks,
> Anton Gerasimov
>
> [1] https://github.com/qemu/qemu/blob/master/docs/ccid.txt
>
> --
> Anton Gerasimov, ATS Advanced Telematic Systems GmbH
> Kantstrasse 162, 10623 Berlin
> Managing Directors: Dirk Pöschl, Armin G. Schmidt
> Register Court: HRB 151501 B, Amtsgericht Charlottenburg
>
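
Added example, not part of the original messages: a way to check for the NSS database format mismatch described in the reply, by comparing the format requested in a `db=` / `-d` value with the files actually present in the directory. It assumes the standard NSS file names (cert9.db and key4.db for the SQLite format, cert8.db and key3.db for the legacy DBM format); the function names are made up for this example.

```shell
#!/bin/sh
# Added example. nss_db_format DIR prints which NSS database format DIR holds:
#   sql  = cert9.db + key4.db (SQLite format)
#   dbm  = cert8.db + key3.db (legacy DBM format)
nss_db_format() {
    dir=$1
    has_sql=no
    has_dbm=no
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && has_sql=yes
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && has_dbm=yes
    case "$has_sql,$has_dbm" in
        yes,yes) echo both ;;
        yes,no)  echo sql ;;
        no,yes)  echo dbm ;;
        *)       echo none ;;
    esac
}

# nss_db_check SPEC: SPEC is the value given as db= to ccid-card-emulated or
# as -d to certutil, e.g. "sql:/home/anton/fake-smartcard".
# Returns 0 if the requested format is present, 1 on mismatch, and 2 if SPEC
# has no prefix and NSS_DEFAULT_DB_TYPE is unset (the library default then
# depends on the NSS build, so nothing is assumed here).
nss_db_check() {
    spec=$1
    case "$spec" in
        sql:*) want=sql; dir=${spec#sql:} ;;
        dbm:*) want=dbm; dir=${spec#dbm:} ;;
        *)     want=${NSS_DEFAULT_DB_TYPE:-unknown}; dir=$spec ;;
    esac
    found=$(nss_db_format "$dir")
    if [ "$want" = unknown ]; then
        echo "ambiguous: no prefix and NSS_DEFAULT_DB_TYPE unset; directory holds: $found"
        return 2
    fi
    case "$found" in
        "$want"|both) echo "ok: $want database present in $dir"; return 0 ;;
        *) echo "mismatch: $want requested, directory holds: $found"; return 1 ;;
    esac
}

# Run directly as: sh nss_check.sh sql:/path/to/db (script name is arbitrary)
if [ $# -gt 0 ]; then
    nss_db_check "$1"
fi
```

Running the check against both the value given to certutil and the value given to qemu shows whether the two tools are being pointed at the same format.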