Am Montag 07 Dezember 2009 13:41:08 schrieb Dominik Fischer: > Signing some data results in error: > > ---8<---- > $ echo "foobar" | pkcs11-tool -s > Please enter User PIN: > Using signature algorithm RSA-PKCS > error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) > > Aborting. > ---8<----
why do you think that should work? most smart cards have security functionality to limit signing to certain hash sizes. "foobar\0" i.e. seven bytes is propably not an allowed key size. try signing an md5 hash or sha1 hash... http://www.opensc-project.org/svn/opensc/trunk/src/tests/regression/crypt0001 has some example code (our regression tests): openssl dgst -md5 -binary -out digest_file < message_file pkcs15-crypt -s --md5 --pkcs1 -i digest_file -o signature_file openssl dgst -verify public_key_file -md5 -signature signature_file \ < message_file should give you an idea how it works. Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
