Happy Easter Holidays! I have run into an issue using a SignTrust TCOS Card (issuer: Deutsche Telekom) in a Reiner SCT cyberjack smart card reader. I am using the CTAPI driver supplied by ReinerSCT (libctapi-cyberjack).
I can't create signatures on the card using the default siganture key in slot 0. The error message is: { 0x6A87, SC_ERROR_INCORRECT_PARAMETERS,"Lc inconsistent with P1-P2" }, Using the keys in Slot 1 or 2 works fine for generating signatures. I have attached a 'diff' of debug-files obtained at two different sign operations. Lines prefixed with '-' belong to a failing attempt and lines with '+' belong to a successful attempt. >From the debug data, I suppose, that signatures in the non-default security environment succedd, while the siganture in the default security environment fails... Unfortunately I got no idea why....can anybody comment and direct me towards a fix? card.c:254:sc_transmit_apdu: called card.c:221:sc_transceive: Sending 8 bytes (resp. 258 bytes): 00 22 C1 B8 03 84 01 80 ."...... -card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=6A SW2=88) +card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=90 SW2=00) sec.c:67:sc_set_security_env: returning with: 0 sec.c:49:sc_compute_signature: called card.c:254:sc_transmit_apdu: called card.c:221:sc_transceive: Sending 134 bytes (resp. 258 bytes, sensitive): -00 2A 9E 9A 80 31 32 33 34 35 36 37 38 39 30 31 .*...12345678901 +00 2A 80 84 80 31 32 33 34 35 36 37 38 39 30 31 .*...12345678901 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 2345678901234567 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 8901234567890123 34 35 36 37 38 39 30 31 32 33 34 35 36 37 38 39 4567890123456789 @@ -588,6 +588,50 @@ 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 37 2345678901234567 38 39 30 31 32 33 34 35 36 37 38 39 30 31 32 33 8901234567890123 34 35 36 37 0A 00 4567.. -card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=6A SW2=87) -framework-pkcs15.c:1849:pkcs15_prkey_sign: Sign complete. Result -1205. -pkcs11-object.c:583:C_SignFinal: C_SignFinal returns 32 +card.c:274:sc_transmit_apdu: Received 128 bytes (SW1=90 SW2=00) static int tcos_compute_signature(sc_card_t *card, const u8 * data, size_t datalen, u8 * out, size_t outlen) { ... if(((tcos_data *)card->drv_data)->sign_with_def_env){ sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, 0x9A); memcpy(sbuf, data, datalen); } else { unsigned int keylen=128; /* FIXME: use correct key-size */ sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x80, 0x84); for(i = 0; i < sizeof(sbuf); ++i) sbuf[i]=0xff; sbuf[0]=0x00; sbuf[1]=0x01; sbuf[keylen-datalen-1]=0x00; memcpy(sbuf+keylen-datalen, data, datalen); datalen=keylen; } ... Regards, Holger _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel