Hello Кирилл

On 19/05/2011 19:40, Viktor TARASOV wrote:
> On 19/05/2011 11:03, Viktor TARASOV wrote:
>> On 19/05/2011 10:26, Мещеряков Кирилл wrote:
>>> Hello,
>>> How do you re-initialize Rutoken ECP?
>> Here is my test sequence:
>>
>> pkcs15-init -E
>> pkcs15-init -C --label "OT-RuToken" -P --auth-id 02 --so-pin "87654321" --pin "12345678"
>> pkcs15-init --auth-id 02 -S ./some.p12 --format pkcs12 --pin "12345678" --passphrase "coucou"
>> pkcs15-tool --list-pins -k -c
>> pkcs15-crypt -s --key 30afd5be733a3707e5788adbdb6a2cc8f73ed772 -i ./some-data.bin --pin "12345678" --sha-1 --pkcs1
> Finally it was my error: in the initializing procedure the mandatory
> '--finalize' is missing.
>
>
> Another question.
>
> I have imported (with OpenSC) a GOST key and signed some data with it.
> But verification of the resulting signature with 'openssl pkeyutl' fails.
>
> It does not fail if the input data is not reversed before 'compute-signature'.
> http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/card-rtecp.c#L356
>
> Is this input data reversing really needed?


After some investigations, it seems that:

- when getting signature using OpenSC, to be verified by openssl tools:
-- the RSA signature has to be calculated for the reverted input data (as it 
is actually implemented);
-- the GOST signature has to be done with the direct input data (it's not 
actually the case).

-- when importing RSA or GOST keys the key components are reverted in APDUs 
data.



- with the native module (ruPKCS11ECP.dll):
-- when doing the GOST signature the input data is not reverted.

-- when importing RSA key the components are reverted in the APDUs data;
-- when importing GOST key the key component is not reverted (I suppose that 
it's actually a bug of ruPKCS11ECP.dll).


If there are no objections, I'll make the necessary changes for the GOST 
support in the 'rtecp' driver of OpenSC.


Kind regards,
Viktor.


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
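
Added illustration, not part of the original message and not OpenSC code: a sketch of the byte-order rule the message arrives at (input reversed for RSA, direct for GOST), plus a check for comparing the bytes actually sent to the token against the original input. All names are hypothetical and the sample bytes in any test are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for this illustration; none are OpenSC identifiers. */
enum sig_alg { ALG_RSA, ALG_GOST };
enum byte_order { ORDER_DIRECT, ORDER_REVERSED, ORDER_AMBIGUOUS, ORDER_MISMATCH };

/* Fill out[] with the data field for the token's compute-signature step,
 * per the findings in the message above: reversed for RSA, direct for GOST.
 * in and out must not overlap.
 * Returns the number of bytes written, or -1 on bad arguments. */
int prepare_sign_input(enum sig_alg alg, const unsigned char *in, size_t len,
                       unsigned char *out, size_t out_size)
{
    if (in == NULL || out == NULL || len == 0 || len > out_size)
        return -1;
    if (alg == ALG_RSA) {
        for (size_t i = 0; i < len; i++)
            out[i] = in[len - 1 - i];
    } else {
        memcpy(out, in, len);
    }
    return (int)len;
}

/* Debugging aid: given the original input and the bytes actually sent
 * (e.g. copied from an APDU trace), report which byte order was used.
 * Palindromic data matches both orders, so it cannot expose the problem. */
enum byte_order classify_order(const unsigned char *orig,
                               const unsigned char *sent, size_t len)
{
    int direct = 1, reversed = 1;
    for (size_t i = 0; i < len; i++) {
        if (sent[i] != orig[i])
            direct = 0;
        if (sent[i] != orig[len - 1 - i])
            reversed = 0;
    }
    if (direct && reversed)
        return ORDER_AMBIGUOUS;
    if (direct)
        return ORDER_DIRECT;
    return reversed ? ORDER_REVERSED : ORDER_MISMATCH;
}
```

When reproducing a verification failure like the one described, use test input that is not a byte palindrome (all-zero or repeated-byte buffers are), otherwise both orders produce the same signature and the difference stays hidden.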
