> > How did you encrypt your data? Looks like a padding problem to me.
> > OpenSC assumes that you used PKCS#1-padding before you encrypted
> > your data. I'm not sure whether all keys on your SignTrust card
> > support non-PKCS#1-padding. Let me know if you must decrypt
> > non-PKCS#1-padded data.
>
> I encrypt data with OpenSSL.
>
> First, I create an RSA object with d2i_RSAPublicKey, then call
> RSA_public_encrypt with RSA_PKCS1_PADDING as the last parameter.
> The size of the output buffer is obtained with RSA_size.
>
> On the decrypt operation, the APDU has first data byte "0x81"; as far
> as I know, it indicates the use of PKCS1-encrypted data.
>
> I was testing this code on other cards (cardos and netkey).
> Cardos doesn't support PKCS#1-padding, so the padding bytes are not
> cut out of the output buffer after decryption (other problem :( ).
> But encrypt\decrypt operations on both cards complete successfully.

Seems that you know what you are doing :-)

If your code works with NetKey E4 cards then it MUST work with your
SignTrust card too. Both cards are TCOS 2.0 cards and use the same
driver so I cannot imagine why a NetKey card should behave differently
from a SignTrust card. But this might be a limitation of my imagination.

Could you post the relevant parts of your code or send it to me?

I just tried the following script with my SignTrust card:

    KEY=46
    echo "Testdata" >cleartext
    pkcs15-tool --read-public-key $KEY >pubkey.pem
    openssl rsautl -encrypt -inkey pubkey.pem -pubin -in cleartext -out ciphertext
    pkcs15-crypt --decipher --input ciphertext --key $KEY --pkcs1

Works with both key 46 and key 47. Does not work with key 45 since
key 45 is a signature-key and cannot do decryption-operations.

Could you try this with your SignTrust card and/or NetKey card?

Peter
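
Added example, not part of the original thread and not OpenSC or OpenSSL code: when a card returns the raw decrypted block with the PKCS#1 padding still in place, as described above for CardOS, the host has to validate and strip the padding itself. The helper name pkcs1_type2_unpad and the 32-byte sample block are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: strip PKCS#1 v1.5 encryption padding (block
 * type 2) from a raw RSA decryption result:
 *     EM = 0x00 || 0x02 || PS || 0x00 || M
 * where PS is at least 8 nonzero bytes. Assumes em holds the full
 * modulus-sized block, leading 0x00 included. Returns the length of M,
 * or -1 for any malformed block (one error code for every failure, so
 * the caller cannot report which check failed). Not constant-time. */
int pkcs1_type2_unpad(const uint8_t *em, size_t em_len,
                      uint8_t *out, size_t out_cap)
{
    size_t i, sep = 0, mlen;

    if (em == NULL || out == NULL || em_len < 11)
        return -1;
    if (em[0] != 0x00 || em[1] != 0x02)
        return -1;
    for (i = 2; i < em_len; i++) {      /* find the first 0x00 separator */
        if (em[i] == 0x00) {
            sep = i;
            break;
        }
    }
    if (sep < 10)                       /* none found, or PS < 8 bytes */
        return -1;
    mlen = em_len - sep - 1;
    if (mlen > out_cap)
        return -1;
    memcpy(out, em + sep + 1, mlen);
    return (int)mlen;
}

int main(void)
{
    /* Constructed 32-byte block (a real one is as long as the modulus). */
    uint8_t em[32], msg[32];
    int n;

    memset(em, 0xAA, sizeof em);        /* stand-in for random nonzero PS */
    em[0] = 0x00; em[1] = 0x02; em[22] = 0x00;
    memcpy(em + 23, "Testdata\n", 9);
    n = pkcs1_type2_unpad(em, sizeof em, msg, sizeof msg);
    if (n < 0)
        return 1;
    printf("%d bytes: %.*s", n, n, (const char *)msg);
    return 0;
}
```

If the result of this check is ever exposed to a remote party, the single error code matters: distinguishable padding failures are what a Bleichenbacher-style padding oracle relies on.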