Dear Pedro, I'was not able to get any signature from the card, even with 512 bit keys (i have 2 certificates on the card, 512 & 1024 keys). I've already heard that objects stored on Gemsafe Card are compressed but i haven't found any way to get these certificates. All methods/objects i used throw an exception (invalid path, ...).
To go further in details, i'm using jar files downloaded from Gemplus website (pcsc wrapper 2.0, gemplus terminal 4.1, gemplus service 0.3 and gemplus gpk 0.3). Do you have some samples that i can test ? Regards, Philippe -----Message d'origine----- De : Pedro Miguel Pereira Borges [mailto:[EMAIL PROTECTED]] Envoy� : vendredi 9 ao�t 2002 11:57 � : Frankinet Philippe Cc : [EMAIL PROTECTED] Objet : Re: [OCF] How to sign datas using OCF1.2, Gemsafe 16K, GCR410 readers ? Hi, > How can i sign datas using OCF1.2 with a Gemsafe 16K card and a GCR410 > readers (or GCR 400) ? I'm also trying out GemSAFE 16K cards but I'm having a lot of problems... One of the problems I have is that the signatures I get from the card are OK if they are created with 512 bit keys but are NOK otherwise... > I've tried several piece of code but i'm not able to sign datas. In fact, > i'm unable to find certificates on the card. Only the end user certificate is on the card (an not the whole chain) on the :3F00:0200:0004, but it's stored in a compressed way (it starts with 0x 02 92)... To be able to obtain it uncompressed you should use the PKCS#11 that comes with the GemSAFE libraries (but I'm also having problems with this because sometimes it works and sometimes it doesn't)... > > This address :3F00:0200 is marked as PK DIRECTORY. GPKKeyManagementService > kms.pkDIR gives me 6 objects : > > System.out.println("\nPK Directory"); > byte[] list = kms.pkDir(path); > if(list != null) { > for(int i = 0; i < list.length; i += 3) { > int fileSize = ArrayUtils.decodeByte(list[i+1])*256 + > ArrayUtils.decodeByte(list[i+2]); > System.out.println("File with SFI " + HexString.hexify(list[i]) + " > has body size of " + fileSize + " bytes."); > } > } > > Output was : > > File with SFI 07 has body size of 84 bytes. File with SFI 08 has body size > of 84 bytes. File with SFI 09 has body size of 148 bytes. File with SFI 0A > has body size of 148 bytes. File with SFI 0B has body size of 148 bytes. > File with SFI 0C has body size of 148 bytes. These are the files of the private keys that are (or will be) on the card... The ones with a body of 84 bytes correspond to 512 bit keys and the ones with a body of 148 bytes correspond to a 1024 bit key... > > I use this code to sign datas : > > GPKSignatureService scs = > (GPKSignatureService)sc.getCardService(GPKSignatureService.class,true); > CardFilePath cfp = new CardFilePath(":3F00:0200:0207"); > GPKSignatureKeyFile kf = new > GPKSignatureKeyFile(cfp,1024,GPKSignatureKeyFile.UNCERTIFIED_KEY); > // Let the card generate a signature > scs.signData(kf,JCAStandardNames.SHA1_RSA,JCAStandardNames.PKCS_PADDING,data > ); But can you obtain the signature from the card ? Is the problem in the signature verification ? If so, try using 512 bit keys because (at least from my experience) those are the only keys that allow a correct signature... Regards, Pedro Borges > > > Help needed ! Samples are welcome. > > > Frankinet Philippe > NSI s.a. > T�l : 04 239 91 50 > http://www.nsi-sa.be > > > > --- > >>Visit the OpenCard web site at http://www.opencard.org/ for more >>information on OpenCard---binaries, source code, documents. >>This list is being archived at http://www.opencard.org/archive/opencard/ > > > ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email > ! to > ! [EMAIL PROTECTED] > ! containing the word > ! unsubscribe > ! in the body. -- ----------------------------------------------------------------------- Pedro Borges <[EMAIL PROTECTED]> MULTICERT <http://www.multicert.com/> Servi�os de Certifica��o Electr�nica, S.A. DDI: +351 22 3391816 Mobile: +351 96 8332329 ----------------------------------------------------------------------- Edif�cio Correios de Portugal Phone: +351 22 3391810 Pra�a da Trindade, 32 - 3� Andar Fax: +351 22 3391811 4000-539 Porto, PORTUGAL ----------------------------------------------------------------------- --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body. --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body.
