That might be true, but is the database actually sqlite? I think what you’re seeing is exactly what I described. Those files might be optional, but I’d bet they should be there when you just worked with that database… :) So maybe it’s the other way around and you need to set NSS_DEFAULT_DB_TYPE=sql when creating the nssdb.

Jan

> On 7 Sep 2017, at 14:28, Anton Gerasimov <an...@advancedtelematic.com> wrote:
>
> Thank you for the idea. Unfortunately it seems it is not the case. The
> only quirk I can see with strace is that qemu constantly tries to access
> '*.db-journal' and '*.db-wal' files which are not present in my case.
> But they are optional according to my understanding of how sqlite works.
>
> On 09/07/2017 12:08 PM, Jan Schermer wrote:
>> Just a wild guess - I played with this shortly a year ago. There are two
>> formats of NSS database and there’s a mismatch between what qemu supports
>> and what my Ubuntu certutil defaults to.
>>
>> I had to set NSS_DEFAULT_DB_TYPE="sql" (I think?) to make qemu use the new
>> format... or the other way around.
>>
>> There was no error emitted, but when I straced it it was looking for files
>> that aren’t there, that’s how I found out.
>>
>> Jan
>>
>>
>>> On 7 Sep 2017, at 10:42, Anton Gerasimov <an...@advancedtelematic.com> wrote:
>>>
>>> Greetings,
>>>
>>> I'm trying to emulate a USB HSM in Qemu. I was following the
>>> documentation for emulated ccid [1](point 4), but instead of importing
>>> certificates in the host I'm just connecting to the virtual card using
>>> pcsc-lite and OpenSC. The virtual reader itself can be found, but for
>>> some reason there is no card inserted:
>>>
>>> root@qemux86-64:~# lsusb
>>> Bus 001 Device 004: ID 08e6:4433 Gemalto (was Gemplus) GemPC433-Swap
>>> Bus 001 Device 003: ID 0409:55aa NEC Corp. Hub
>>> Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
>>> Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
>>>
>>> root@qemux86-64:~# pkcs11-tool --list-slots
>>> Available slots:
>>> Slot 0 (0x0): Generic CCID Reader [CCID Interface]
>>> (1-0000:00:01.2-2.1) 00 00
>>> (empty)
>>>
>>> root@qemux86-64:~# pkcs11-tool --list-token-slots
>>> Available slots:
>>> No slots.
>>>
>>> On the host machine there is an nss database and all the certificates
>>> are there:
>>>
>>> $ certutil -L -d sql:fake-smartcard/
>>>
>>> Certificate Nickname                                         Trust Attributes
>>>                                                              SSL,S/MIME,JAR/XPI
>>>
>>> fake-smartcard-ca                                            CTu,Cu,Cu
>>> id-cert                                                      u,u,u
>>> signing-cert                                                 u,u,u
>>> encryption-cert                                              u,u,u
>>>
>>> Qemu command line is:
>>>
>>> qemu-system-x86_64 -drive
>>> file=/path/to/image.img,if=ide,format=raw,snapshot=on -m 1G -usb
>>> -usbdevice tablet -show-cursor -vga std -usb -device usb-ccid -device
>>> ccid-card-emulated,backend=certificates,db=sql:/home/anton/fake-smartcard,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert
>>>
>>> What can I be doing wrong?
>>>
>>> Thanks,
>>> Anton Gerasimov
>>>
>>> [1] https://github.com/qemu/qemu/blob/master/docs/ccid.txt
>>>
>>> --
>>> Anton Gerasimov, ATS Advanced Telematic Systems GmbH
>>> Kantstrasse 162, 10623 Berlin
>>> Managing Directors: Dirk Pöschl, Armin G. Schmidt
>>> Register Court: HRB 151501 B, Amtsgericht Charlottenburg
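
Added example, not part of the thread or of qemu/NSS: a shell helper that reports which of the two NSS database formats a directory holds and whether that matches the `sql:`/`dbm:` prefix handed to a consumer. It relies on the standard NSS file names (cert8.db/key3.db/secmod.db for the legacy dbm format, cert9.db/key4.db/pkcs11.txt for sql); the function names and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an NSS database directory by the files it holds.
#   legacy "dbm" format: cert8.db, key3.db, secmod.db
#   newer  "sql" format: cert9.db, key4.db, pkcs11.txt (SQLite files)
# nss_db_format and nss_db_check are hypothetical helper names, not NSS tools.

nss_db_format() {
    dir=${1#sql:}              # accept "sql:/path" and "dbm:/path" specs
    dir=${dir#dbm:}
    [ -d "$dir" ] || { echo "missing"; return 0; }
    has_sql=no; has_dbm=no
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && has_sql=yes
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && has_dbm=yes
    case "$has_sql/$has_dbm" in
        yes/yes) echo "both" ;;
        yes/no)  echo "sql"  ;;
        no/yes)  echo "dbm"  ;;
        *)       echo "none" ;;
    esac
}

# Compare the format a consumer was asked to open with what is on disk.
# Without a prefix, the requested format is taken from NSS_DEFAULT_DB_TYPE.
nss_db_check() {
    spec=$1
    case "$spec" in
        sql:*) want=sql ;;
        dbm:*) want=dbm ;;
        *)     want=${NSS_DEFAULT_DB_TYPE:-unspecified} ;;
    esac
    found=$(nss_db_format "$spec")
    if [ "$found" = "$want" ] || [ "$found" = "both" ]; then
        echo "ok"
    else
        echo "mismatch: requested=$want found=$found"
    fi
}

# Constructed demo: empty files that mimic an sql-format directory layout.
demo_dir=$(mktemp -d)
: > "$demo_dir/cert9.db"; : > "$demo_dir/key4.db"; : > "$demo_dir/pkcs11.txt"
nss_db_check "sql:$demo_dir"   # requested format matches the files
nss_db_check "dbm:$demo_dir"   # dbm requested, only sql files present
rm -rf "$demo_dir"
```

The check only looks at file names, so it catches a format mismatch like the one suspected above but says nothing about whether the certificates inside are usable.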