Here is the debug output to add some more details for this issue:

...
card-cardos.c:714:cardos_set_security_env: returning with: 0
sec.c:67:sc_set_security_env: returning with: 0
sec.c:49:sc_compute_signature: called
card-cardos.c:761:cardos_compute_signature: called
card-cardos.c:775:cardos_compute_signature: trying RSA_PURE_SIG (padded DigestInfo)
apdu.c:516:sc_transmit_apdu: called
card.c:285:sc_lock: called
apdu.c:184:sc_apdu_log:
Outgoing APDU data [ 265 bytes] =====================================
00 2A 9E 9A 00 01 00 30 30 30 30 30 30 30 30 30 .*.....000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 01 00 0000000..
======================================================================
reader-openct.c:339:openct_reader_transmit: unable to transmit
apdu.c:394:do_single_transmit: unable to transmit APDU
card.c:312:sc_unlock: called
card-cardos.c:742:do_compute_signature: APDU transmit failed: Generic reader error
card-cardos.c:782:cardos_compute_signature: trying RSA_SIG (just the DigestInfo)
apdu.c:516:sc_transmit_apdu: called
card.c:285:sc_lock: called
apdu.c:184:sc_apdu_log:
Outgoing APDU data [ 267 bytes] =====================================
00 2A 9E 9A 00 01 02 30 30 30 30 30 30 30 30 30 .*.....000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 0C 00 01 00 0000000....
======================================================================
reader-openct.c:339:openct_reader_transmit: unable to transmit
apdu.c:394:do_single_transmit: unable to transmit APDU
card.c:312:sc_unlock: called
card-cardos.c:742:do_compute_signature: APDU transmit failed: Generic reader error
card-cardos.c:803:cardos_compute_signature: trying to sign raw hash value
card-cardos.c:806:cardos_compute_signature: returning with: Internal error
sec.c:53:sc_compute_signature: returning with: Internal error
card.c:312:sc_unlock: called
pkcs15-sec.c:248:sc_pkcs15_compute_signature: sc_compute_signature() failed: Internal error
Compute signature failed: Internal error
pkcs15.c:775:sc_pkcs15_unbind: called
card.c:312:sc_unlock: called
reader-openct.c:458:openct_reader_unlock: called
card.c:236:sc_disconnect_card: called
reader-openct.c:280:openct_reader_disconnect: called
card.c:251:sc_disconnect_card: returning with: 0
ctx.c:738:sc_release_context: called
reader-openct.c:180:openct_reader_release: called
reader-openct.c:180:openct_reader_release: called
reader-openct.c:180:openct_reader_release: called
reader-openct.c:180:openct_reader_release: called
reader-openct.c:180:openct_reader_release: called
reader-openct.c:165:openct_reader_finish: called

On Tuesday, 13.03.2007, at 22:17 +0100, Andreas Jellinghaus wrote:
> On Tuesday, 13 March 2007 17:40, Simon Eisenmann wrote:
> > i today received the PINs for my new D-TRUST 2048 Bit signature card
> > which seems to use Siemens CardOS 4.3B. I can read the certificates and
> > keys from the card using opensc tools perfectly.
> >
> > Though there is a problem when creating a signature (opensc svn trunk).
>
> a) which version of trunk exactly? what card reader are you using?
> we did some changes recently that might break things - but I think
> it only affects cards that can only do t=0 with some readers, so it shouldn't
> be a problem for you.
>
> so my wild guess is: can that key be used for both signing and decryption
> (check with pkcs11-tool or pkcs15-tool) ?
>
> cardos doesn't allow that for some stupid reason. in real world it is needed.
> so there are two hacks for this:
> a) the opensc hack: store the private key twice - once with key usage sign
> and once with key usage decrypt, and then choose the right one.
> b) the siemens hack: store the key as decrypt key and use raw rsa decryption
> for signing.
>
> we haven't implemented b) yet, but we should add it for compatibility.
>
> > note: When using opensc 0.11.1 the card is not recognized as cardos (ATR
> > not in the list of cardos implementation).
>
> yes. we added that atr after 0.11.1.
>
> Regards, Andreas

--
Simon Eisenmann
[ mailto:[EMAIL PROTECTED] ]
[ struktur AG | Kronenstraße 22a | D-70173 Stuttgart ]
[ T. +49.711.896656.68 | F.+49.711.89665610 ]
[ http://www.struktur.de | mailto:[EMAIL PROTECTED] ]
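
Added example, not part of the original mail and not OpenSC code: a small ISO 7816-4 command APDU parser, run over the first APDU from the debug output above, rebuilt from the logged bytes. It shows that the PSO: COMPUTE DIGITAL SIGNATURE command (INS 2A, P1 9E, P2 9A) is sent with extended-length Lc/Le fields, which is worth checking against what the reader and protocol in use accept. The names `apdu_info`, `apdu_parse` and `build_logged_apdu` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct apdu_info {
    uint8_t cla, ins, p1, p2;
    int extended;   /* 1 = extended-length Lc/Le fields */
    size_t lc, le;  /* command data length, max. response length (0 = absent) */
};

/* Parse an ISO 7816-4 command APDU; returns 0 on success, -1 if malformed. */
int apdu_parse(const uint8_t *b, size_t n, struct apdu_info *o)
{
    if (n < 4) return -1;
    memset(o, 0, sizeof *o);
    o->cla = b[0]; o->ins = b[1]; o->p1 = b[2]; o->p2 = b[3];
    if (n == 4) return 0;                                   /* case 1 */
    if (n == 5) { o->le = b[4] ? b[4] : 256; return 0; }    /* case 2, short */
    if (b[4] != 0) {                                        /* short Lc */
        o->lc = b[4];
        if (n == 5 + o->lc) return 0;                       /* case 3, short */
        if (n != 6 + o->lc) return -1;
        o->le = b[n - 1] ? b[n - 1] : 256;                  /* case 4, short */
        return 0;
    }
    if (n < 7) return -1;           /* 00 marker must be followed by 2 bytes */
    o->extended = 1;
    size_t v = ((size_t)b[5] << 8) | b[6];
    if (n == 7) { o->le = v ? v : 65536; return 0; }        /* case 2, extended */
    if (v == 0) return -1;
    o->lc = v;
    if (n == 7 + v) return 0;                               /* case 3, extended */
    if (n != 9 + v) return -1;
    v = ((size_t)b[n - 2] << 8) | b[n - 1];
    o->le = v ? v : 65536;                                  /* case 4, extended */
    return 0;
}

/* Rebuild the first logged APDU (265 bytes): header, 256 x 0x30, Le 01 00. */
size_t build_logged_apdu(uint8_t *out)
{
    static const uint8_t hdr[7] = { 0x00, 0x2A, 0x9E, 0x9A, 0x00, 0x01, 0x00 };
    memcpy(out, hdr, 7);
    memset(out + 7, 0x30, 256);
    out[263] = 0x01; out[264] = 0x00;
    return 265;
}
```

For the logged command the parser reports `extended = 1`, `lc = 256`, `le = 256`; a short APDU can carry at most 255 data bytes, so a 256-byte input cannot be sent in a single short-length command.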