Hi Holger!
> I have run into an issue using a SignTrust TCOS Card (issuer: Deutsche
> Telekom) in a Reiner SCT cyberjack smart card reader. I am using the
> CTAPI driver supplied by ReinerSCT (libctapi-cyberjack).
>
> I can't create signatures on the card using the default siganture key in
> slot 0. The error message is:
> { 0x6A87, SC_ERROR_INCORRECT_PARAMETERS,"Lc inconsistent with P1-P2" },
> Using the keys in Slot 1 or 2 works fine for generating signatures.
> From the debug data, I suppose, that signatures in the non-default
> security environment succedd, while the siganture in the default
> security environment fails...
>
> Unfortunately I got no idea why....can anybody comment and direct me
> towards a fix?
There is no fix :-(. TCOS supports two different sorts of keys, i.e.
signature-keys and decryption-keys.
With a signature-key you can do only signature-operations, with a
decryption-key you can do decryption-operations only.
Now calculating the signature of a hash-value is just the same
as decrypting the padded hash-value. Therefore one can calculate
signatures with decryption-keys. But you cannot decrypt with
signature-keys.
So what where you trying to do? Creating a signature (possible with
all keys) or decrypting (possible with decryption-keys only)?
Please let me know - it seems that you were trying to sign something
and this should be possible with all keys.
Peter
--
"Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
--
Echte DSL-Flatrate dauerhaft für 0,- Euro*!
"Feel free" mit GMX DSL! http://www.gmx.net/de/go/dsl
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
