> Dominik Fischer wrote: > >> do you still have that RHEL5 machine? if you had a debug log from it too, > >> that could help in seeing what changed. the interesting parts start with > >> the first "C_Sign" line. > > > > Here comes the debug-output from my RHEL5 System. > > > Without the original command line and the APDUs in the trace, > its hard to tell what is going on. Can you set the debug >= 6? > > It looks like you are sending "foobar\n" as the data to be signed. > > "framework-pkcs15.c:1933:pkcs15_prkey_sign: Selected flags 12. Now computing > signature for 7 bytes. 512 bytes reserved." > > says the flags are RSA_PAD_PKCS1 and RSA_HASH_NONE > So this trace look like you used -m RSA_PKCS1. > > Normally the hash of data is signed, not the data itself, as RAW RSA > has limits on the length of the data.
The debug level was already "99"... But as I mentioned before: it is not only a problem of that specific pkcs11-tool command: pkcs11-tool -t -l throws an error. On RHEL5 and even on Jaunty all worked fine, under Karmic it does not work. Here the output of my testscript under Karmic: --8<---8<--- # dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic # dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten | Status=Nicht/Installiert/Config/U=Entpackt/Fehlgeschl. Konfiguration/ Halb installiert/Trigger erWartet/Trigger anhängig |/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht) ||/ Name Version Beschreibung +++-==================-==================-==================================================== ii libccid 1.3.10-1 PC/SC driver for USB CCID smart card readers ii libopensc2 0.11.8-1ubuntu1 SmartCard library with support for PKCS#15 compatibl ii libpcsclite1 1.5.3-1ubuntu1 Middleware to access a smart card using PC/SC (libra ii linux-image-generi 2.6.31.16.29 Generic Linux kernel image ii opensc 0.11.8-1ubuntu1 SmartCard utilities with support for PKCS#15 compati ii pcscd 1.5.3-1ubuntu1 Middleware to access a smart card using PC/SC (daemo # opensc-tool -l Readers known about: Nr. Driver Name 0 pcsc SCM SCR 335 (21120738300434) 00 00 # pkcs11-tool -l -t Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only RSA signatures) testing key 0 (Private Key) error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ----8<----8<----- The same script under Jaunty runs without errors: ----8<----8<----- # ./smartcard-test.sh # dpkg -l opensc libopensc2 libccid pcscd libpcsclite1 linux-image-generic Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten | Status=Nicht/Installiert/Config/U=Entpackt/Fehlgeschl. Konfiguration/ Halb installiert/Trigger erWartet/Trigger anhängig |/ Fehler?=(kein)/Halten/R=Neuinst notw/X=beide (Status, Fehler: GROSS=schlecht) ||/ Name Version Beschreibung +++-==================-==================-==================================================== ii libccid 1.3.8-1 PC/SC driver for USB CCID smart card readers ii libopensc2 0.11.4-5ubuntu1 SmartCard library with support for PKCS#15 compatibl ii libpcsclite1 1.4.102-1ubuntu2 Middleware to access a smart card using PC/SC (libra ii linux-image-generi 2.6.28.17.22 Generic Linux kernel image ii opensc 0.11.4-5ubuntu1 SmartCard utilities with support for PKCS#15 compati ii pcscd 1.4.102-1ubuntu2 Middleware to access a smart card using PC/SC (daemo # opensc-tool -l Readers known about: Nr. Driver Name 0 pcsc SCM SCR 335 00 00 # pkcs11-tool -l -t Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): not implemented Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only RSA signatures) testing key 0 (Private Key) all 4 signature functions seem to work testing signature mechanisms: RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK Verify (currently only for RSA): testing key 0 (Private Key) RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK Key unwrap (RSA) testing key 0 (Private Key) DES-CBC: OK DES-EDE3-CBC: OK BF-CBC: OK CAST5-CFB: OK Decryption (RSA) testing key 0 (Private Key) RSA-PKCS: OK Testing card detection Please press return to continue, x to exit: x Testing card detection using C_WaitForSlotEvent Please press return to continue, x to exit: x No errors ----8<----8<----- Regards, Dominik _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel