Just a wild guess - I played with this shortly a year ago. There are two formats of NSS database and there’s a mismatch between what qemu supports and what my Ubuntu certutil defaults to.
I had to set NSS_DEFAULT_DB_TYPE=“sql" (I think?) to make qemu use the new format... or the other way around. There was no error emitted, but when I straced it it was looking for files that aren’t there, that’s how I found out. Jan > On 7 Sep 2017, at 10:42, Anton Gerasimov <an...@advancedtelematic.com> wrote: > > Greetings, > > I'm trying to emulate a USB HSM in Qemu. I was following the > documentation for emulated ccid [1](point 4), but instead of importing > certificates in the host I'm just connecting to the virtual card using > pcsc-lite and OpenSC. The virtual reader itself can be found, but for > some reason there is no card inserted: > > root@qemux86-64:~# lsusb > Bus 001 Device 004: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap > Bus 001 Device 003: ID 0409:55aa NEC Corp. Hub > Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd > Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub > > root@qemux86-64:~# pkcs11-tool --list-slots > Available slots: > Slot 0 (0x0): Generic CCID Reader [CCID Interface] > (1-0000:00:01.2-2.1) 00 00 > (empty) > > root@qemux86-64:~# pkcs11-tool --list-token-slots > Available slots: > No slots. > > On the host machine there is an nss database and all the certificates > are there: > > $ certutil -L -d sql:fake-smartcard/ > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > fake-smartcard-ca CTu,Cu,Cu > id-cert > u,u,u > signing-cert u,u,u > encryption-cert u,u,u > > Qemu command line is: > > qemu-system-x86_64 -drive > file=/path/to/image.img,if=ide,format=raw,snapshot=on -m 1G -usb > -usbdevice tablet -show-cursor -vga std -usb -device usb-ccid -device > ccid-card-emulated,backend=certificates,db=sql:/home/anton/fake-smartcard,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert > > What can I be doing wrong? > > Thanks, > Anton Gerasimov > > [1] https://github.com/qemu/qemu/blob/master/docs/ccid.txt > > -- > Anton Gerasimov, ATS Advanced Telematic Systems GmbH > Kantstrasse 162, 10623 Berlin > Managing Directors: Dirk Pöschl, Armin G. Schmidt > Register Court: HRB 151501 B, Amtsgericht Charlottenburg >
