Hi,

today I tried to create a new Schlumberger e-gate 32K card to test 2048
bit keys on this type of card. However, I failed to sign the CSR with
openssl, because openssl tells me that the CSR's signature does not match
the request.

This is what I did (blank e-gate 32K card):

$ pkcs15-init -EC -T --no-so-pin
$ pkcs15-init -P -a 01 -T
$ pkcs15-init -G rsa/2048 -a 01 --key-usage sign

$ openssl> engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so

$ openssl> req -engine pkcs11 -new -key id_45 -keyform engine -out test.csr


This is the CSR which was created:



Basically it's valid, but the inner signature is not. So when I try to
sign it using openssl I get

"Signature did not match the certificate request".

This has been working fine in the past (~ a year ago). I am using the
latest released versions of opensc, engine, and libp11.

Exactly the same works fine when using a 1024 bit key.

I am using an SCM CCID reader in combination with opensc max_send and
recv_size set to 248 in opensc.conf.


Any hints?


Best regards,
Simon

-- 
Simon Eisenmann

[ mailto:[EMAIL PROTECTED] ]

[ struktur AG | Kronenstraße 22a | D-70173 Stuttgart ]
[ T. +49.711.896656.68 | F.+49.711.89665610 ]
[ http://www.struktur.de | mailto:[EMAIL PROTECTED] ]


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
