Re: [opensc-devel] PKCS11 signing does not work on Ubuntu

Dominik Fischer Fri, 11 Dec 2009 02:22:29 -0800

> Dominik Fischer wrote:
> >> do you still have that RHEL5 machine? if you had a debug log from it too,
> >> that could help in seeing what changed. the interesting parts start with
> >> the first "C_Sign" line.
> > 
> > Here comes the debug-output from my RHEL5 System.
> 
> 
> Without the original command line and the APDUs in the trace,
> its hard to tell what is going on. Can you set the debug >= 6?
> 
> It looks like you are sending "foobar\n" as the data to be signed.
> 
> "framework-pkcs15.c:1933:pkcs15_prkey_sign: Selected flags 12. Now computing 
> signature for 7 bytes. 512 bytes reserved."
> 
> says the flags are RSA_PAD_PKCS1 and RSA_HASH_NONE
> So this trace look like you used -m RSA_PKCS1.
> 
> Normally the hash of data is signed, not the data itself, as  RAW RSA
> has limits on the length of the data.


The debug level was already "99"... 

But as I mentioned before: it is not only a problem of that specific 
pkcs11-tool command: pkcs11-tool -t -l throws an error.

On RHEL5 and even on Jaunty all worked fine, under Karmic it does not work. 

Here the output of my testscript under Karmic:
--8<---8<---
# dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic

# dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/Fehlgeschl. Konfiguration/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name               Version            Beschreibung
+++-==================-==================-====================================================
ii  libccid            1.3.10-1           PC/SC driver for USB CCID smart card 
readers
ii  libopensc2         0.11.8-1ubuntu1    SmartCard library with support for 
PKCS#15 compatibl
ii  libpcsclite1       1.5.3-1ubuntu1     Middleware to access a smart card 
using PC/SC (libra
ii  linux-image-generi 2.6.31.16.29       Generic Linux kernel image
ii  opensc             0.11.8-1ubuntu1    SmartCard utilities with support for 
PKCS#15 compati
ii  pcscd              1.5.3-1ubuntu1     Middleware to access a smart card 
using PC/SC (daemo

# opensc-tool -l
Readers known about:
Nr.    Driver     Name
0      pcsc       SCM SCR 335 (21120738300434) 00 00

# pkcs11-tool -l -t
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (Private Key)
error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)

Aborting.
----8<----8<-----

The same script under Jaunty runs without errors:
----8<----8<-----
# ./smartcard-test.sh

# dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/Fehlgeschl. Konfiguration/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/Halten/R=Neuinst notw/X=beide (Status, Fehler: GROSS=schlecht)
||/ Name               Version            Beschreibung
+++-==================-==================-====================================================
ii  libccid            1.3.8-1            PC/SC driver for USB CCID smart card 
readers
ii  libopensc2         0.11.4-5ubuntu1    SmartCard library with support for 
PKCS#15 compatibl
ii  libpcsclite1       1.4.102-1ubuntu2   Middleware to access a smart card 
using PC/SC (libra
ii  linux-image-generi 2.6.28.17.22       Generic Linux kernel image
ii  opensc             0.11.4-5ubuntu1    SmartCard utilities with support for 
PKCS#15 compati
ii  pcscd              1.4.102-1ubuntu2   Middleware to access a smart card 
using PC/SC (daemo

# opensc-tool -l
Readers known about:
Nr.    Driver     Name
0      pcsc       SCM SCR 335 00 00

# pkcs11-tool -l -t
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
  not implemented
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (Private Key)
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
Verify (currently only for RSA):
  testing key 0 (Private Key)
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
Key unwrap (RSA)
  testing key 0 (Private Key)
    DES-CBC: OK
    DES-EDE3-CBC: OK
    BF-CBC: OK
    CAST5-CFB: OK
Decryption (RSA)
  testing key 0 (Private Key)
    RSA-PKCS: OK
Testing card detection
Please press return to continue, x to exit: x
Testing card detection using C_WaitForSlotEvent
Please press return to continue, x to exit: x
No errors

----8<----8<-----
Regards,
Dominik
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] PKCS11 signing does not work on Ubuntu

Reply via email to