On Wed, 2010-09-01 at 04:55 +0400, Aleksey Samsonov wrote: > Hello, > > Martin Paljak wrote: > >> 2. The announcement of the GOST public key algorithm seems to me very > >> optimistic. Because the current implementation isn't functional at all > >> [1][2]. > > Good catch. > > The GOST public key algorithm is working (the current implementation), > but in [1] [2] by a lucky chance. We need to fix logic in this case.
Sorry when causing trouble. But Aleksey is right. The implementation of pkcs15-sec doesn't hinder the GOST algorithm to work. That's strange. @Aleksey: Have you personalised a lot of tokens yet? There's a problem with the chosen tag for the GOSTPrivateKey. Tag A3 is still allocated by pkcs15 and is used for KEA. > See > http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/card-rtecp.c#L60 > > >> [1]http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/pkcs15-sec.c#L86 > >> [2]http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/card.c#L725 > > Trace example: > > Breakpoint 1, _sc_card_find_rsa_alg (card=0x8e2530, key_length=256) at > card.c:730 > 730 for (i = 0; i < card->algorithm_count; i++) { > > (gdb) bt > > #0 _sc_card_find_rsa_alg (card=0x8e2530, key_length=256) at card.c:730 > > #1 0x00007fce3a329369 in sc_pkcs15_compute_signature (p15card=0x8e2b00, > obj=0x8eaff0, > flags=<value optimized out>, in=<value optimized out>, inlen=32, > out=<value optimized out>, outlen=64) > at pkcs15-sec.c:175 > > #2 0x000000000041118d in pkcs15_prkey_sign (ses=0x8ee2c0, obj=<value > optimized out>, > pMechanism=<value optimized out>, pData=<value optimized out>, > ulDataLen=32, > pSignature=<value optimized out>, pulDataLen=0x7128e8) at > framework-pkcs15.c:2401 > #3 0x000000000040ca98 in sc_pkcs11_signature_final (operation=0x8ee230, > pSignature=0x712860 "", > pulSignatureLen=0x7128e8) at mechanism.c:425 > > #4 0x000000000040d546 in sc_pkcs11_sign_final (session=0x8ee2c0, > pSignature=0x712860 "", > pulSignatureLen=0x7128e8) at mechanism.c:307 > > #5 0x000000000040a82c in C_Sign (hSession=9364160, pData=0x708de0 > "1234567890123456789012345678901", > ulDataLen=32, pSignature=0x712860 "", pulSignatureLen=0x7128e8) at > pkcs11-object.c:591 > #6 0x00000000004079b5 in main () > > (gdb) finish > > Run till exit from #0 _sc_card_find_rsa_alg (card=0x8e2530, > key_length=256) at card.c:730 > sc_pkcs15_compute_signature (p15card=0x8e2b00, obj=0x8eaff0, > flags=<value optimized out>, > in=<value optimized out>, inlen=32, out=<value optimized out>, > outlen=64) at pkcs15-sec.c:176 > 176 if (alg_info == NULL) { > > Value returned is $1 = (sc_algorithm_info_t *) 0x8e27c0 > > (gdb) p/x *$1 > > $3 = {algorithm = 0x0, key_length = 0x100, flags = 0x80000011, u = {_rsa > = {exponent = 0x0}}} > (gdb) n > > 175 alg_info = _sc_card_find_rsa_alg(p15card->card, > prkey->modulus_length); > (gdb) > > 176 if (alg_info == NULL) { > > (gdb) > > 160 size_t modlen = prkey->modulus_length / 8; > > (gdb) > > 183 if (inlen > sizeof(buf) || outlen < modlen) > > (gdb) > > 185 memcpy(buf, in, inlen); > > (gdb) > > 180 senv.algorithm = SC_ALGORITHM_RSA; > > (gdb) > > 185 memcpy(buf, in, inlen); > > (gdb) > > 195 if ((alg_info->flags & SC_ALGORITHM_NEED_USAGE) && > > (gdb) > > 223 if ((flags == (SC_ALGORITHM_RSA_PAD_PKCS1 | > SC_ALGORITHM_RSA_HASH_NONE)) && > (gdb) > > 237 r = sc_get_encoding_flags(ctx, flags, alg_info->flags, > &pad_flags, &sec_flags); > (gdb) > > 238 if (r != SC_SUCCESS) { > > (gdb) > > 245 if (pad_flags != 0) { > > (gdb) > > 242 senv.algorithm_flags = sec_flags; > > (gdb) > > 245 if (pad_flags != 0) { > > (gdb) > > 242 senv.algorithm_flags = sec_flags; > > (gdb) > > 245 if (pad_flags != 0) { > > (gdb) > > 250 } else if ((flags & SC_ALGORITHM_RSA_PADS) == > SC_ALGORITHM_RSA_PAD_NONE) { > (gdb) > > 252 if (inlen < modlen) { > > (gdb) > > 260 senv.operation = SC_SEC_OPERATION_SIGN; > > (gdb) > > 261 senv.flags = 0; > > (gdb) > > 263 if (prkey->key_reference >= 0) { > > (gdb) > > 264 senv.key_ref_len = 1; > > (gdb) > > 265 senv.key_ref[0] = prkey->key_reference & 0xFF; > > (gdb) > > 266 senv.flags |= SC_SEC_ENV_KEY_REF_PRESENT; > > (gdb) > > 268 senv.flags |= SC_SEC_ENV_ALG_PRESENT; > > (gdb) > > 270 r = sc_lock(p15card->card); > > (gdb) > > 271 SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() > failed"); > (gdb) > > 270 r = sc_lock(p15card->card); > > (gdb) > > 271 SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "sc_lock() > failed"); > (gdb) > > 273 if (prkey->path.len != 0) { > > (gdb) > > 274 r = select_key_file(p15card, prkey, &senv); > > (gdb) > > 275 if (r < 0) { > (gdb) > 274 r = select_key_file(p15card, prkey, &senv); > (gdb) > 275 if (r < 0) { > (gdb) > 281 r = sc_set_security_env(p15card->card, &senv, 0); > (gdb) > 282 if (r < 0) { > (gdb) > 281 r = sc_set_security_env(p15card->card, &senv, 0); > (gdb) > 282 if (r < 0) { > (gdb) > 287 r = sc_compute_signature(p15card->card, tmp, inlen, out, > outlen); > (gdb) s > sc_compute_signature (card=0x8e2530, data=0x7fff14921100 > "1234567890123456789012345678901", datalen=32, > out=0x712860 "", outlen=64) at sec.c:48 > 48 { > (gdb) n > 51 assert(card != NULL); > (gdb) > 48 { > (gdb) > 51 assert(card != NULL); > (gdb) > 52 SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_NORMAL); > (gdb) > 53 if (card->ops->compute_signature == NULL) > (gdb) > 55 r = card->ops->compute_signature(card, data, datalen, > out, outlen); > (gdb) s > rtecp_compute_signature (card=0x8e2530, data=0x7fff14921100 > "1234567890123456789012345678901", data_len=32, > out=0x712860 "", out_len=64) at card-rtecp.c:415 > 415 { > (gdb) > > > > > >> It would be very surprising to me, if there is at least one > >> single person who could explain (to an ordinary user) how to get this > >> stuff to work. Question: Why declaring such non functional stuff as a > >> new feature? > > > > AFAIK the only cards/tokens that support GOST seem to be Rutokens and thus > > we have to take the developers word on that as I have tried to get a > > Rutoken but those e-mails faded away, I did not get a reply from the > > vendor. I don't know anyone else on this list who has a Rutoken and could > > verify (or in that sense, care about) the functioning of GOST algorithms > > and key generation etc. > > > > What maybe needs to be done is better phrasing of what the actual "support > > for" means. There sure is code in OpenSC that deals with GOST algorithms, > > but how and where it is exposed, needs to be documented. > > > > Aleksey, can you explain the situation with GOST in more detail? > > The GOST R 34.10-2001 is working on Rutoken ECP only > (http://www.opensc-project.org/opensc/wiki/AktivRutokenECP) > > Supported: > PKCS#11 opensc-pkcs11 (C_GenerateKeyPair, C_Find*, C_Digest*, C_Sign*, > C_Verify* are working with GOST) > pkcs11-tool (read and show GOST objects only) > pkcs15-tool > pkcs15-init > > > Some examples: > > $ pkcs15-init --create-pkcs15 --so-pin "87654321" --so-puk "" > $ pkcs15-init --store-pin --label "User PIN" --auth-id 02 --pin > "12345678" --puk "" --so-pin "87654321" --finalize > > > $ > > $ openssl genpkey -engine gost -algorithm gost2001 -pkeyopt paramset:A > -out test_key > engine "gost" set. > > $ > > $ openssl req -engine gost -new -x509 -days 30 -key test_key -out > test_cert > engine "gost" set. > > You are about to be asked to enter information that will be incorporated > > into your certificate request. > > What you are about to enter is what is called a Distinguished Name or a > DN. > There are quite a few fields but you can leave some blank > > For some fields there will be a default value, > > If you enter '.', the field will be left blank. > > ----- > > Country Name (2 letter code) [AU]:RU > > State or Province Name (full name) [Some-State]: > > Locality Name (eg, city) []: > > Organization Name (eg, company) [Internet Widgits Pty Ltd]: > > Organizational Unit Name (eg, section) []: > > Common Name (eg, YOUR name) []:Name > > Email Address []:n...@mail > > $ > > $ openssl pkey -engine gost -in test_key -text > > engine "gost" set. > > -----BEGIN PRIVATE KEY----- > > MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgIgSYP2t827klu9 > > QoJxuxhJ/N/ovSOUnFwjp6gIxbGJYsE= > > -----END PRIVATE KEY----- > > Private key: > 4983F6B7CDBB925BBD428271BB1849FCDFE8BD23949C5C23A7A808C5B18962C1 > > Public key: > > X:A72742EC9FF900298DC28141F40C9A68C83ECF2758AEBE80F4774C1E3AB8C5C6 > > Y:3FAEC2B7B0375AB7DA7F4D6FDE33BE386A5681F03BFE1EC38EA7EE8CD15A75F3 > > Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet > > $ openssl x509 -engine gost -in test_cert -text > > engine "gost" set. > > Certificate: > > Data: > > Version: 3 (0x2) > > Serial Number: > > fb:e8:78:cc:97:70:4f:cd > > Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001 > > Issuer: C=RU, ST=Some-State, O=Internet Widgits Pty Ltd, > CN=Name/emailaddress...@mail > Validity > > Not Before: Aug 31 20:29:27 2010 GMT > > Not After : Sep 30 20:29:27 2010 GMT > > Subject: C=RU, ST=Some-State, O=Internet Widgits Pty Ltd, > CN=Name/emailaddress...@mail > Subject Public Key Info: > > Public Key Algorithm: GOST R 34.10-2001 > > Public key: > > > X:A72742EC9FF900298DC28141F40C9A68C83ECF2758AEBE80F4774C1E3AB8C5C6 > > > Y:3FAEC2B7B0375AB7DA7F4D6FDE33BE386A5681F03BFE1EC38EA7EE8CD15A75F3 > > Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet > > X509v3 extensions: > > X509v3 Subject Key Identifier: > > > 5C:70:59:85:37:22:F7:AE:ED:74:93:26:73:91:F3:EC:AA:20:54:46 > > X509v3 Authority Key Identifier: > > > keyid:5C:70:59:85:37:22:F7:AE:ED:74:93:26:73:91:F3:EC:AA:20:54:46 > > > X509v3 Basic Constraints: > CA:TRUE > Signature Algorithm: GOST R 34.11-94 with GOST R 34.10-2001 > 43:4d:0b:8c:f5:50:bf:74:aa:1d:ec:54:4c:42:a0:57:8d:c2: > 5a:a6:d4:be:25:81:83:c5:42:a4:0b:4b:46:2a:19:8c:99:69: > 84:1e:97:ed:e8:2a:27:f5:12:1f:5d:67:eb:d8:5e:df:ef:83: > cf:5f:d9:ce:2f:1f:8e:f2:b3:87 > -----BEGIN CERTIFICATE----- > MIICIjCCAc+gAwIBAgIJAPvoeMyXcE/NMAoGBiqFAwICAwUAMGwxCzAJBgNVBAYT > AlJVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn > aXRzIFB0eSBMdGQxDTALBgNVBAMMBE5hbWUxFjAUBgkqhkiG9w0BCQEWB25vQG1h > aWwwHhcNMTAwODMxMjAyOTI3WhcNMTAwOTMwMjAyOTI3WjBsMQswCQYDVQQGEwJS > VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 > cyBQdHkgTHRkMQ0wCwYDVQQDDAROYW1lMRYwFAYJKoZIhvcNAQkBFgdub0BtYWls > MGMwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEDQwAEQMbFuDoeTHf0gL6u > WCfPPshomgz0QYHCjSkA+Z/sQien83Va0Yzup47DHv478IFWaji+M95vTX/at1o3 > sLfCrj+jUDBOMB0GA1UdDgQWBBRccFmFNyL3ru10kyZzkfPsqiBURjAfBgNVHSME > GDAWgBRccFmFNyL3ru10kyZzkfPsqiBURjAMBgNVHRMEBTADAQH/MAoGBiqFAwIC > AwUAA0EAQ00LjPVQv3SqHexUTEKgV43CWqbUviWBg8VCpAtLRioZjJlphB6X7egq > J/USH11n69he3++Dz1/Zzi8fjvKzhw== > -----END CERTIFICATE----- > $ > $ pkcs15-init --store-private-key test_key --key-usage sign,decrypt > --auth-id 2 --id 3 --pin "12345678" > Using reader with a card: CCID Compatible > > $ pkcs15-init --store-certificate test_cert --id 3 --pin "12345678" > > Using reader with a card: CCID Compatible > > $ > > $ pkcs11-tool --slot 1 --list-objects --login --pin "12345678" > > Private Key Object; GOSTR3410 > > OID: 06072a850302022301 > > label: Private Key > > ID: 03 > > Usage: decrypt, sign, unwrap > > Public Key Object; GOSTR3410 > > OID: 06072a850302022301 > > label: Public Key > > ID: 03 > > Usage: none > > Certificate Object, type = X.509 cert > > label: Certificate > > ID: 03 > > $ > > $ pkcs15-tool --list-certificates --list-public-keys --list-keys --pin > "12345678" > Using reader with a card: CCID Compatible > > X.509 Certificate [Certificate] > > Flags : 2 > > Authority: no > > Path : 3f0050000300 > > ID : 03 > > Encoded serial: 02 09 00FBE878CC97704FCD > > > Private GOSTR3410 Key [Private Key] > Com. Flags : 3 > Usage : [0x2E], decrypt, sign, signRecover, unwrap > Access Flags: [0x0] > ModLength : 256 > Key ref : 1 > Native : yes > Path : 3f001000100060020001 > Auth ID : 02 > ID : 03 > > Public GOSTR3410 Key [Public Key] > Com. Flags : 2 > Usage : [0x4], sign > Access Flags: [0x0] > ModLength : 256 > Key ref : 0 > Native : no > Path : 3f0050000200 > Auth ID : > ID : 03 > > $ > $ pkcs11-tool --slot 1 --read-object --type pubkey --id 3 | hexdump -C > 00000000 04 40 c6 c5 b8 3a 1e 4c 77 f4 80 be ae 58 27 cf > |....@ÆŸ:.Lwô.¾®X'Ï| > 00000010 3e c8 68 9a 0c f4 41 81 c2 8d 29 00 f9 9f ec 42 > |>Èh..ôA.Â.).ù.ìB| > 00000020 27 a7 f3 75 5a d1 8c ee a7 8e c3 1e fe 3b f0 81 > |'§óuZÑ.î§.Ã.þ;ð.| > 00000030 56 6a 38 be 33 de 6f 4d 7f da b7 5a 37 b0 b7 c2 > |Vj8¾3ÞoM.Ú·Z7°·Â| > 00000040 ae 3f |®?| > > 00000042 > > $ > > > > PKCS#11 Example: > ................ > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > card-rtecp.c:319:rtecp_verify: returning with: 0 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] sec.c:204:sc_pin_cmd: > returning with: 0 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-pin.c:481:sc_pkcs15_pincache_add: called > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-pin.c:501:sc_pkcs15_pincache_add: PIN(User PIN) cached > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] card.c:324:sc_unlock: called > > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > reader-openct.c:407:openct_reader_unlock: called > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > framework-pkcs15.c:1057:pkcs15_login: PKCS15 verify PIN returned 0 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > framework-pkcs15.c:1064:pkcs15_login: Check if pkcs15 object list can be > completed. > > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-syn.c:434:sc_pkcs15emu_postponed_load: called > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:8,enumerated:1 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:0,enumerated:1 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:1,enumerated:1 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-syn.c:440:sc_pkcs15emu_postponed_load: Type:4,enumerated:1 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-syn.c:453:sc_pkcs15emu_postponed_load: Loaded mask 0x0 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs15-syn.c:454:sc_pkcs15emu_postponed_load: returning with: 0 > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > misc.c:59:sc_to_cryptoki_error_common: opensc error: No errors (0) > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs11-object.c:274:C_FindObjectsInit: C_FindObjectsInit(slot = 1) > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > pkcs11-object.c:275:C_FindObjectsInit: C_FindObjectsInit(): CKA_ID = 03 > > > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > misc.c:136:session_start_operation: called > 0x7fea42b2e6f0 03:15:20.368 [opensc-pkcs11] > misc.c:137:session_start_operation: Session 0x237ad40, type 0 > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:294:C_FindObjectsInit: Object with handle 0x23757b0 > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:322:C_FindObjectsInit: Object 1/37181360: Attribute > 0x102 matches. > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:327:C_FindObjectsInit: Object 1/37181360 matches > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:294:C_FindObjectsInit: Object with handle 0x2377a00 > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:322:C_FindObjectsInit: Object 1/37190144: Attribute > 0x102 matches. > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:327:C_FindObjectsInit: Object 1/37190144 matches > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:294:C_FindObjectsInit: Object with handle 0x2378ae0 > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:322:C_FindObjectsInit: Object 1/37194464: Attribute > 0x102 matches. > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:327:C_FindObjectsInit: Object 1/37194464 matches > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:338:C_FindObjectsInit: 3 matching objects > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:180:C_GetAttributeValue: Object 37181360: CKA_CLASS = > CKO_PRIVATE_KEY > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:202:C_GetAttributeValue: > C_GetAttributeValue(hSession=0x237ad40, hObject=0x23757b0) = CKR_OK > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:180:C_GetAttributeValue: Object 37190144: CKA_CLASS = > CKO_PUBLIC_KEY > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:202:C_GetAttributeValue: > C_GetAttributeValue(hSession=0x237ad40, hObject=0x2377a00) = CKR_OK > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:180:C_GetAttributeValue: Object 37194464: CKA_CLASS = > CKO_CERTIFICATE > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:202:C_GetAttributeValue: > C_GetAttributeValue(hSession=0x237ad40, hObject=0x2378ae0) = CKR_OK > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:136:session_start_operation: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:137:session_start_operation: Session 0x237ad40, type 1 > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > pkcs11-object.c:552:C_SignInit: C_SignInit() = CKR_OK > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] pkcs11-object.c:593:C_Sign: > C_Sign() = CKR_OK > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > framework-pkcs15.c:2341:pkcs15_prkey_sign: Initiating signing operation, > mechanism 0x1201. > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] card.c:290:sc_lock: called > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > reader-openct.c:381:openct_reader_lock: called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] > framework-pkcs15.c:3141:reselect_app_df: reselect application df > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] card.c:543:sc_select_file: > called; type=2, path=3f005000 > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: > called > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] card.c:290:sc_lock: called > > 0x7fea42b2e6f0 03:15:20.369 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > > Outgoing APDU data [ 7 bytes] ===================================== > > 00 A4 08 00 02 50 00 .....P. > > ====================================================================== > > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > > Incoming APDU data [ 2 bytes] ===================================== > > 90 00 .. > > ====================================================================== > > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:324:sc_unlock: called > > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] > iso7816.c:465:iso7816_select_file: returning with: 0 > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] > card-rtecp.c:266:rtecp_select_file: returning with: 0 > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:564:sc_select_file: > returning with: 0 > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] > framework-pkcs15.c:2400:pkcs15_prkey_sign: Selected flags 4000. Now > computing signature for 32 bytes. 64 bytes reserved. > > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] > pkcs15-sec.c:163:sc_pkcs15_compute_signature: called > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:290:sc_lock: called > > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:543:sc_select_file: > called; type=2, path=3f001000100060020001 > > > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: > called > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] card.c:290:sc_lock: called > > 0x7fea42b2e6f0 03:15:20.371 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > > Outgoing APDU data [ 13 bytes] ===================================== > > 00 A4 08 00 08 10 00 10 00 60 02 00 01 .........`... > > ====================================================================== > > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > > Incoming APDU data [ 2 bytes] ===================================== > > 90 00 .. > > ====================================================================== > > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] card.c:324:sc_unlock: called > > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] > iso7816.c:465:iso7816_select_file: returning with: 0 > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] > card-rtecp.c:266:rtecp_select_file: returning with: 0 > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] card.c:564:sc_select_file: > returning with: 0 > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] > sec.c:66:sc_set_security_env: called > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: > called > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] card.c:290:sc_lock: called > > 0x7fea42b2e6f0 03:15:20.373 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > > Outgoing APDU data [ 12 bytes] ===================================== > > 00 22 41 B6 07 81 02 00 01 84 01 01 ."A......... > > ====================================================================== > > 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > > Incoming APDU data [ 2 bytes] ===================================== > > 90 00 .. > > ====================================================================== > > 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] card.c:324:sc_unlock: called > > 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] > sec.c:70:sc_set_security_env: returning with: 0 > 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] > sec.c:52:sc_compute_signature: called > 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] apdu.c:521:sc_transmit_apdu: > called > 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] card.c:290:sc_lock: called > 0x7fea42b2e6f0 03:15:20.375 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > Outgoing APDU data [ 38 bytes] ===================================== > 00 2A 9E 9A 20 00 31 30 39 38 37 36 35 34 33 32 .*.. .1098765432 > 31 30 39 38 37 36 35 34 33 32 31 30 39 38 37 36 1098765432109876 > 35 34 33 32 31 40 54321@ > ====================================================================== > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] apdu.c:187:sc_apdu_log: > Incoming APDU data [ 66 bytes] ===================================== > 72 87 CE C5 61 C8 03 99 14 F7 3F 70 3A E1 A6 98 r...a.....?p:... > 7F 6B AB FD 3E C7 16 AB 93 D8 1F 97 9A 65 45 BE .k..>........eE. > 74 4F B6 8E D0 2B 1C 50 24 C5 20 67 AB CA DB D9 tO...+.P$. g.... > C6 3E C1 C0 F8 95 22 79 AF 65 37 00 32 73 E5 E0 .>...."y.e7.2s.. > 90 00 .. > ====================================================================== > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card.c:324:sc_unlock: called > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > card-rtecp.c:398:rtecp_cipher: returning with: 64 > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > card-rtecp.c:421:rtecp_compute_signature: returning with: 64 > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > sec.c:56:sc_compute_signature: returning with: 64 > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card.c:324:sc_unlock: called > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] card.c:324:sc_unlock: called > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > reader-openct.c:407:openct_reader_unlock: called > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > framework-pkcs15.c:2411:pkcs15_prkey_sign: Sign complete. Result 64. > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] pkcs11-object.c:593:C_Sign: > C_Sign() = CKR_OK > Message signed > Verifying message > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > misc.c:136:session_start_operation: called > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > misc.c:137:session_start_operation: Session 0x237ad40, type 2 > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > pkcs11-object.c:1074:C_VerifyInit: C_VerifyInit() = CKR_OK > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:21.941 [opensc-pkcs11] > misc.c:158:session_get_operation: called > 0x7fea42b2e6f0 03:15:21.943 [opensc-pkcs11] > pkcs11-object.c:1104:C_Verify: C_Verify() = CKR_OK > Message verified > ........... > > > Thanks _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
