Hello, Martin Paljak wrote: >> 2. The announcement of the GOST public key algorithm seems to me very >> optimistic. Because the current implementation isn't functional at all >> [1][2]. > Good catch.
The GOST public key algorithm is working (the current implementation), but in [1] [2] by a lucky chance. We need to fix logic in this case. See http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/card-rtecp.c#L60 >> [1]http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/pkcs15-sec.c#L86 >> [2]http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/card.c#L725 Trace example: Breakpoint 1, _sc_card_find_rsa_alg (card=0x8e2530, key_length=256) at card.c:730 730 for (i = 0; i < card->algorithm_count; i++) { (gdb) bt #0 _sc_card_find_rsa_alg (card=0x8e2530, key_length=256) at card.c:730 #1 0x00007fce3a329369 in sc_pkcs15_compute_signature (p15card=0x8e2b00, obj=0x8eaff0, flags=<value optimized out>, in=<value optimized out>, inlen=32, out=<value optimized out>, outlen=64) at pkcs15-sec.c:175 #2 0x000000000041118d in pkcs15_prkey_sign (ses=0x8ee2c0, obj=<value optimized out>, pMechanism=<value optimized out>, pData=<value optimized out>, ulDataLen=32, pSignature=<value optimized out>, pulDataLen=0x7128e8) at framework-pkcs15.c:2401 #3 0x000000000040ca98 in sc_pkcs11_signature_final (operation=0x8ee230, pSignature=0x712860 "", pulSignatureLen=0x7128e8) at mechanism.c:425 #4 0x000000000040d546 in sc_pkcs11_sign_final (session=0x8ee2c0, pSignature=0x712860 "", pulSignatureLen=0x7128e8) at mechanism.c:307 #5 0x000000000040a82c in C_Sign (hSession=9364160, pData=0x708de0 "1234567890123456789012345678901", ulDataLen=32, pSignature=0x712860 "", pulSignatureLen=0x7128e8) at pkcs11-object.c:591 #6 0x00000000004079b5 in main () (gdb) finish Run till exit from #0 _sc_card_find_rsa_alg (card=0x8e2530, key_length=256) at card.c:730 sc_pkcs15_compute_signature (p15card=0x8e2b00, obj=0x8eaff0, flags=<value optimized out>, in=<value optimized out>, inlen=32, out=<value optimized out>, outlen=64) at pkcs15-sec.c:176 176 if (alg_info == NULL) { Value returned is $1 = (sc_algorithm_info_t *) 0x8e27c0 (gdb) p/x *$1 $3 = {algorithm = 0x0, key_length = 0x100, flags = 0x80000011, u = {_rsa = {exponent = 0x0}}} (gdb) n 175 alg_info = _sc_card_find_rsa_alg(p15card->card, prkey->modulus_length); (gdb) 176 if (alg_info == NULL) { (gdb) 160 size_t modlen = prkey->modulus_length / 8; (gdb) 183 if (inlen > sizeof(buf) || outlen < modlen) (gdb) 185 memcpy(buf, in, inlen); (gdb) 180 senv.algorithm = SC_ALGORITHM_RSA; (gdb) 185 memcpy(buf, in, inlen); (gdb) 195 if ((alg_info->flags & SC_ALGORITHM_NEED_USAGE) && (gdb) 223 if ((flags == (SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE)) && (gdb) 237 r = sc_get_encoding_flags(ctx, flags, alg_info->flags, &pad_flags, &sec_flags); (gdb) 238 if (r != SC_SUCCESS) { (gdb) 245 if (pad_flags != 0) { (gdb) 242 senv.algorithm_flags = sec_flags; (gdb) 245 if (pad_flags != 0) { (gdb) 242 senv.algorithm_flags = sec_flags; (gdb) 245 if (pad_flags != 0) { (gdb) 250 } else if ((flags & SC_ALGORITHM_RSA_PADS) == SC_ALGORITHM_RSA_PAD_NONE) { (gdb) 252 if (inlen < modlen) { (gdb) 260 senv.operation = SC_SEC_OPERATION_SIGN; (gdb) 261 senv.flags = 0; (gdb) 263 if (prkey->key_reference >= 0) { (gdb) 264 senv.key_ref_len = 1; (gdb) 265 senv.key_ref[0] = prkey->key_reference & 0xFF; (gdb) 266 senv.flags |= SC_SEC_ENV_KEY_REF_PRESENT; (gdb) 268 senv.flags |= SC_SEC_ENV_ALG_PRESENT; (gdb) 270 r = sc_lock(p15card->card); (gdb) 271 SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); (gdb) 270 r = sc_lock(p15card->card); (gdb) 271 SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() failed"); (gdb) 273 if (prkey->path.len != 0) { (gdb) 274 r = select_key_file(p15card, prkey, &senv); (gdb) 275 if (r < 0) { (gdb) 274 r = select_key_file(p15card, prkey, &senv); (gdb) 275 if (r < 0) { (gdb) 281 r = sc_set_security_env(p15card->card, &senv, 0); (gdb) 282 if (r < 0) { (gdb) 281 r = sc_set_security_env(p15card->card, &senv, 0); (gdb) 282 if (r < 0) { (gdb) 287 r = sc_compute_signature(p15card->card, tmp, inlen, out, outlen); (gdb) s sc_compute_signature (card=0x8e2530, data=0x7fff14921100 "1234567890123456789012345678901", datalen=32, out=0x712860 "", outlen=64) at sec.c:48 48 { (gdb) n 51 assert(card != NULL); (gdb) 48 { (gdb) 51 assert(card != NULL); (gdb) 52 SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); (gdb) 53 if (card->ops->compute_signature == NULL) (gdb) 55 r = card->ops->compute_signature(card, data, datalen, out, outlen); (gdb) s rtecp_compute_signature (card=0x8e2530, data=0x7fff14921100 "1234567890123456789012345678901", data_len=32, out=0x712860 "", out_len=64) at card-rtecp.c:415 415 { (gdb) >> It would be very surprising to me, if there is at least one >> single person who could explain (to an ordinary user) how to get this >> stuff to work. Question: Why declaring such non functional stuff as a >> new feature? > > AFAIK the only cards/tokens that support GOST seem to be Rutokens and thus we > have to take the developers word on that as I have tried to get a Rutoken but > those e-mails faded away, I did not get a reply from the vendor. I don't know > anyone else on this list who has a Rutoken and could verify (or in that > sense, care about) the functioning of GOST algorithms and key generation etc. > > What maybe needs to be done is better phrasing of what the actual "support > for" means. There sure is code in OpenSC that deals with GOST algorithms, but > how and where it is exposed, needs to be documented. > > Aleksey, can you explain the situation with GOST in more detail? The GOST R 34.10-2001 is working on Rutoken ECP only (http://www.opensc-project.org/opensc/wiki/AktivRutokenECP) Supported: PKCS#11 opensc-pkcs11 (C_GenerateKeyPair, C_Find*, C_Digest*, C_Sign*, C_Verify* are working with GOST) pkcs11-tool (read and show GOST objects only) pkcs15-tool pkcs15-init Some examples: $ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk "" $ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin "12345678" --puk "" --so-pin "87654321" --finalize $ $ openssl genpkey -engine gost -algorithm gost2001 -pkeyopt paramset:A -out test_key engine "gost" set. $ $ openssl req -engine gost -new -x509 -days 30 -key test_key -out test_cert engine "gost" set. You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:RU State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Name Email Address []:n...@mail $ $ openssl pkey -engine gost -in test_key -text engine "gost" set. -----BEGIN PRIVATE KEY----- MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgIgSYP2t827klu9 QoJxuxhJ/N/ovSOUnFwjp6gIxbGJYsE= -----END PRIVATE KEY----- Private key: 4983F6B7CDBB925BBD428271BB1849FCDFE8BD23949C5C23A7A808C5B18962C1 Public key: X:A72742EC9FF900298DC28141F40C9A68C83ECF2758AEBE80F4774C1E3AB8C5C6 Y:3FAEC2B7B0375AB7DA7F4D6FDE33BE386A5681F03BFE1EC38EA7EE8CD15A75F3 Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet $ openssl x509 -engine gost -in test_cert -text engine "gost" set. Certificate: Data: Version: 3 (0x2) Serial Number: fb:e8:78:cc:97:70:4f:cd Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001 Issuer: C=RU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Name/emailaddress...@mail Validity Not Before: Aug 31 20:29:27 2010 GMT Not After : Sep 30 20:29:27 2010 GMT Subject: C=RU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=Name/emailaddress...@mail Subject Public Key Info: Public Key Algorithm: GOST R 34.10-2001 Public key: X:A72742EC9FF900298DC28141F40C9A68C83ECF2758AEBE80F4774C1E3AB8C5C6 Y:3FAEC2B7B0375AB7DA7F4D6FDE33BE386A5681F03BFE1EC38EA7EE8CD15A75F3 Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet X509v3 extensions: X509v3 Subject Key Identifier: 5C:70:59:85:37:22:F7:AE:ED:74:93:26:73:91:F3:EC:AA:20:54:46 X509v3 Authority Key Identifier: keyid:5C:70:59:85:37:22:F7:AE:ED:74:93:26:73:91:F3:EC:AA:20:54:46 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001 43:4d:0b:8c:f5:50:bf:74:aa:1d:ec:54:4c:42:a0:57:8d:c2: 5a:a6:d4:be:25:81:83:c5:42:a4:0b:4b:46:2a:19:8c:99:69: 84:1e:97:ed:e8:2a:27:f5:12:1f:5d:67:eb:d8:5e:df:ef:83: cf:5f:d9:ce:2f:1f:8e:f2:b3:87 -----BEGIN CERTIFICATE----- MIICIjCCAc+gAwIBAgIJAPvoeMyXcE/NMAoGBiqFAwICAwUAMGwxCzAJBgNVBAYT AlJVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn aXRzIFB0eSBMdGQxDTALBgNVBAMMBE5hbWUxFjAUBgkqhkiG9w0BCQEWB25vQG1h aWwwHhcNMTAwODMxMjAyOTI3WhcNMTAwOTMwMjAyOTI3WjBsMQswCQYDVQQGEwJS VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 cyBQdHkgTHRkMQ0wCwYDVQQDDAROYW1lMRYwFAYJKoZIhvcNAQkBFgdub0BtYWls MGMwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEDQwAEQMbFuDoeTHf0gL6u WCfPPshomgz0QYHCjSkA+Z/sQien83Va0Yzup47DHv478IFWaji+M95vTX/at1o3 sLfCrj+jUDBOMB0GA1UdDgQWBBRccFmFNyL3ru10kyZzkfPsqiBURjAfBgNVHSME GDAWgBRccFmFNyL3ru10kyZzkfPsqiBURjAMBgNVHRMEBTADAQH/MAoGBiqFAwIC AwUAA0EAQ00LjPVQv3SqHexUTEKgV43CWqbUviWBg8VCpAtLRioZjJlphB6X7egq J/USH11n69he3++Dz1/Zzi8fjvKzhw== -----END CERTIFICATE----- $ $ pkcs15-init --store-private-key test_key --key-usage sign,decrypt --auth-id 2 --id 3 --pin "12345678" Using reader with a card: CCID Compatible $ pkcs15-init --store-certificate test_cert --id 3 --pin "12345678" Using reader with a card: CCID Compatible $ $ pkcs11-tool --slot 1 --list-objects --login --pin "12345678" Private Key Object; GOSTR3410 OID: 06072a850302022301 label: Private Key ID: 03 Usage: decrypt, sign, unwrap Public Key Object; GOSTR3410 OID: 06072a850302022301 label: Public Key ID: 03 Usage: none Certificate Object, type = X.509 cert label: Certificate ID: 03 $ $ pkcs15-tool --list-certificates --list-public-keys --list-keys --pin "12345678" Using reader with a card: CCID Compatible X.509 Certificate [Certificate] Flags : 2 Authority: no Path : 3f0050000300 ID : 03 Encoded serial: 02 09 00FBE878CC97704FCD Private GOSTR3410 Key [Private Key] Com. Flags : 3 Usage : [0x2E], decrypt, sign, signRecover, unwrap Access Flags: [0x0] ModLength : 256 Key ref : 1 Native : yes Path : 3f001000100060020001 Auth ID : 02 ID : 03 Public GOSTR3410 Key [Public Key] Com. Flags : 2 Usage : [0x4], sign Access Flags: [0x0] ModLength : 256 Key ref : 0 Native : no Path : 3f0050000200 Auth ID : ID : 03 $ $ pkcs11-tool --slot 1 --read-object --type pubkey --id 3 | hexdump -C 00000000 04 40 c6 c5 b8 3a 1e 4c 77 f4 80 be ae 58 27 cf |....@ÆŸ:.Lwô.¾®X'Ï| 00000010 3e c8 68 9a 0c f4 41 81 c2 8d 29 00 f9 9f ec 42 |>Èh..ôA.Â.).ù.ìB| 00000020 27 a7 f3 75 5a d1 8c ee a7 8e c3 1e fe 3b f0 81 |'§óuZÑ.î§.Ã.þ;ð.| 00000030 56 6a 38 be 33 de 6f 4d 7f da b7 5a 37 b0 b7 c2 |Vj8¾3ÞoM.Ú·Z7°·Â| 00000040 ae 3f |®?| 00000042 $ PKCS#11 Example: ................ 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] card-rtecp.c:319:rtecp_verify: returning with: 0 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] sec.c:204:sc_pin_cmd: returning with: 0 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-pin.c:481:sc_pkcs15_pincache_add: called 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-pin.c:501:sc_pkcs15_pincache_add: PIN(User PIN) cached 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] card.c:324:sc_unlock: called 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] reader-openct.c:407:openct_reader_unlock: called 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] framework-pkcs15.c:1057:pkcs15_login: PKCS15 verify PIN returned 0 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] framework-pkcs15.c:1064:pkcs15_login: Check if pkcs15 object list can be completed. 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-syn.c:434:sc_pkcs15emu_postponed_load: called 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:8,enumerated:1 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:0,enumerated:1 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:1,enumerated:1 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:4,enumerated:1 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-syn.c:453:sc_pkcs15emu_postponed_load: Loaded mask 0x0 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs15-syn.c:454:sc_pkcs15emu_postponed_load: returning with: 0 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] misc.c:59:sc_to_cryptoki_error_common: opensc error: No errors (0) 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs11-object.c:274:C_FindObjectsInit: C_FindObjectsInit(slot = 1) 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] pkcs11-object.c:275:C_FindObjectsInit: C_FindObjectsInit(): CKA_ID = 03 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] misc.c:136:session_start_operation: called 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] misc.c:137:session_start_operation: Session 0x237ad40, type 0 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:294:C_FindObjectsInit: Object with handle 0x23757b0 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:322:C_FindObjectsInit: Object 1/37181360: Attribute 0x102 matches. 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:327:C_FindObjectsInit: Object 1/37181360 matches 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:294:C_FindObjectsInit: Object with handle 0x2377a00 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:322:C_FindObjectsInit: Object 1/37190144: Attribute 0x102 matches. 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:327:C_FindObjectsInit: Object 1/37190144 matches 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:294:C_FindObjectsInit: Object with handle 0x2378ae0 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:322:C_FindObjectsInit: Object 1/37194464: Attribute 0x102 matches. 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:327:C_FindObjectsInit: Object 1/37194464 matches 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:338:C_FindObjectsInit: 3 matching objects 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:180:C_GetAttributeValue: Object 37181360: CKA_CLASS = CKO_PRIVATE_KEY 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:202:C_GetAttributeValue: C_GetAttributeValue(hSession=0x237ad40, hObject=0x23757b0) = CKR_OK 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:180:C_GetAttributeValue: Object 37190144: CKA_CLASS = CKO_PUBLIC_KEY 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:202:C_GetAttributeValue: C_GetAttributeValue(hSession=0x237ad40, hObject=0x2377a00) = CKR_OK 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:180:C_GetAttributeValue: Object 37194464: CKA_CLASS = CKO_CERTIFICATE 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:202:C_GetAttributeValue: C_GetAttributeValue(hSession=0x237ad40, hObject=0x2378ae0) = CKR_OK 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:136:session_start_operation: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:137:session_start_operation: Session 0x237ad40, type 1 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:552:C_SignInit: C_SignInit() = CKR_OK 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:593:C_Sign: C_Sign() = CKR_OK 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] framework-pkcs15.c:2341:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x1201. 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] card.c:290:sc_lock: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] reader-openct.c:381:openct_reader_lock: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] framework-pkcs15.c:3141:reselect_app_df: reselect application df 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] card.c:543:sc_select_file: called; type=2, path=3f005000 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] card.c:290:sc_lock: called 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Outgoing APDU data [ 7 bytes] ===================================== 00 A4 08 00 02 50 00 .....P. ====================================================================== 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Incoming APDU data [ 2 bytes] ===================================== 90 00 .. ====================================================================== 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:324:sc_unlock: called 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] iso7816.c:465:iso7816_select_file: returning with: 0 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card-rtecp.c:266:rtecp_select_file: returning with: 0 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:564:sc_select_file: returning with: 0 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] framework-pkcs15.c:2400:pkcs15_prkey_sign: Selected flags 4000. Now computing signature for 32 bytes. 64 bytes reserved. 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] pkcs15-sec.c:163:sc_pkcs15_compute_signature: called 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:290:sc_lock: called 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:543:sc_select_file: called; type=2, path=3f001000100060020001 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: called 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:290:sc_lock: called 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Outgoing APDU data [ 13 bytes] ===================================== 00 A4 08 00 08 10 00 10 00 60 02 00 01 .........`... ====================================================================== 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Incoming APDU data [ 2 bytes] ===================================== 90 00 .. ====================================================================== 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] card.c:324:sc_unlock: called 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] iso7816.c:465:iso7816_select_file: returning with: 0 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] card-rtecp.c:266:rtecp_select_file: returning with: 0 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] card.c:564:sc_select_file: returning with: 0 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] sec.c:66:sc_set_security_env: called 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: called 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] card.c:290:sc_lock: called 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Outgoing APDU data [ 12 bytes] ===================================== 00 22 41 B6 07 81 02 00 01 84 01 01 ."A......... ====================================================================== 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Incoming APDU data [ 2 bytes] ===================================== 90 00 .. ====================================================================== 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] card.c:324:sc_unlock: called 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] sec.c:70:sc_set_security_env: returning with: 0 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] sec.c:52:sc_compute_signature: called 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: called 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] card.c:290:sc_lock: called 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Outgoing APDU data [ 38 bytes] ===================================== 00 2A 9E 9A 20 00 31 30 39 38 37 36 35 34 33 32 .*.. .1098765432 31 30 39 38 37 36 35 34 33 32 31 30 39 38 37 36 1098765432109876 35 34 33 32 31 40 54321@ ====================================================================== 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] apdu.c:187:sc_apdu_log: Incoming APDU data [ 66 bytes] ===================================== 72 87 CE C5 61 C8 03 99 14 F7 3F 70 3A E1 A6 98 r...a.....?p:... 7F 6B AB FD 3E C7 16 AB 93 D8 1F 97 9A 65 45 BE .k..>........eE. 74 4F B6 8E D0 2B 1C 50 24 C5 20 67 AB CA DB D9 tO...+.P$. g.... C6 3E C1 C0 F8 95 22 79 AF 65 37 00 32 73 E5 E0 .>...."y.e7.2s.. 90 00 .. ====================================================================== 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card.c:324:sc_unlock: called 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card-rtecp.c:398:rtecp_cipher: returning with: 64 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card-rtecp.c:421:rtecp_compute_signature: returning with: 64 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] sec.c:56:sc_compute_signature: returning with: 64 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card.c:324:sc_unlock: called 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card.c:324:sc_unlock: called 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] reader-openct.c:407:openct_reader_unlock: called 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] framework-pkcs15.c:2411:pkcs15_prkey_sign: Sign complete. Result 64. 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] pkcs11-object.c:593:C_Sign: C_Sign() = CKR_OK Message signed Verifying message 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] misc.c:136:session_start_operation: called 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] misc.c:137:session_start_operation: Session 0x237ad40, type 2 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] pkcs11-object.c:1074:C_VerifyInit: C_VerifyInit() = CKR_OK 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] misc.c:158:session_get_operation: called 0x7fea42b2e6f0 03:15:21.943 [opensc-pkcs11] pkcs11-object.c:1104:C_Verify: C_Verify() = CKR_OK Message verified ........... Thanks _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel