Happy Easter Holidays!
I have run into an issue using a SignTrust TCOS Card (issuer: Deutsche
Telekom) in a Reiner SCT cyberjack smart card reader. I am using the
CTAPI driver supplied by ReinerSCT (libctapi-cyberjack).
I can't create signatures on the card using the default siganture key in
slot 0. The error message is:
{ 0x6A87, SC_ERROR_INCORRECT_PARAMETERS,"Lc inconsistent with P1-P2" },
Using the keys in Slot 1 or 2 works fine for generating signatures.
I have attached a 'diff' of debug-files obtained at two different sign
operations. Lines prefixed with '-' belong to a failing attempt and
lines with '+' belong to a successful attempt.
>From the debug data, I suppose, that signatures in the non-default
security environment succedd, while the siganture in the default
security environment fails...
Unfortunately I got no idea why....can anybody comment and direct me
towards a fix?
card.c:254:sc_transmit_apdu: called
card.c:221:sc_transceive: Sending 8 bytes (resp. 258 bytes):
00 22 C1 B8 03 84 01 80 ."......
-card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=6A SW2=88)
+card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=90 SW2=00)
sec.c:67:sc_set_security_env: returning with: 0
sec.c:49:sc_compute_signature: called
card.c:254:sc_transmit_apdu: called
card.c:221:sc_transceive: Sending 134 bytes (resp. 258 bytes,
sensitive):
-00 2A 9E 9A 80 31 32 33 34 35 36 37 38 39 30 31 .*...12345678901
+00 2A 80 84 80 31 32 33 34 35 36 37 38 39 30 31 .*...12345678901
32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 2345678901234567
38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 8901234567890123
34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 4567890123456789
@@ -588,6 +588,50 @@
32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 2345678901234567
38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 8901234567890123
34 35 36 37 0A 00 4567..
-card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=6A SW2=87)
-framework-pkcs15.c:1849:pkcs15_prkey_sign: Sign complete. Result -1205.
-pkcs11-object.c:583:C_SignFinal: C_SignFinal returns 32
+card.c:274:sc_transmit_apdu: Received 128 bytes (SW1=90 SW2=00)
static int tcos_compute_signature(sc_card_t *card, const u8 * data,
size_t datalen, u8 * out, size_t outlen)
{
...
if(((tcos_data *)card->drv_data)->sign_with_def_env){
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A,
0x9E, 0x9A);
memcpy(sbuf, data, datalen);
} else {
unsigned int keylen=128; /* FIXME: use correct key-size
*/
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A,
0x80, 0x84);
for(i = 0; i < sizeof(sbuf); ++i)
sbuf[i]=0xff;
sbuf[0]=0x00; sbuf[1]=0x01; sbuf[keylen-datalen-1]=0x00;
memcpy(sbuf+keylen-datalen, data, datalen);
datalen=keylen;
}
...
Regards,
Holger
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
