[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
is that still an issue with current versions? ** Tags removed: upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312462 Title: SmartCard-HSM card fails when generating ECC keypair To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1312462/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
** Tags added: upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312462 Title: SmartCard-HSM card fails when generating ECC keypair To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1312462/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
Just did a quick test on my machine running OpenSC 0.14: asc@calzone:~/tmp/ecctest$ sc-hsm-tool Using reader with a card: SCM SCR 3310 [CCID Interface] (21120843305113) 00 00 Version : 1.2 User PIN tries left : 3 asc@calzone:~/tmp/ecctest$ pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l --pin 648219 --keypairgen --key-type EC:prime256v1 --id 12 --label defaultkey --read-object --type pubkey --output-file pubkey.spki Using slot 0 with a present token (0x0) Key pair generated: Private Key Object; EC label: defaultkey ID: 12 Usage: decrypt, sign, unwrap Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441044e68fd16a81555c2bf448d25b767572c398ac9706298c748d9bd3c88557bb161bef155491140fdc2541c5f032d73abcedd4b6540021b615c2467bbf9bf04c5b8 EC_PARAMS: 06082a8648ce3d030107 label: defaultkey ID: 12 Usage: encrypt, verify, wrap asc@calzone:~/tmp/ecctest$ hexdump pubkey.spki 000 4104 4e04 fd68 a816 5515 bfc2 8d44 b725 010 5767 392c c98a 6270 c798 d948 3cbd 5588 020 b17b be61 55f1 1149 fd40 54c2 5f1c 2d03 030 ab73 ddce 654b 0240 611b 245c bb67 bff9 040 c504 00b8 043 asc@calzone:~/tmp/ecctest$ pkcs15-tool -D Using reader with a card: SCM SCR 3310 [CCID Interface] (21120843305113) 00 00 PKCS#15 Card [SmartCard-HSM]: Version: 0 Serial number : UTCC0200013 Manufacturer ID: www.CardContact.de Flags : PIN [UserPIN] Object Flags : [0x3], private, modifiable ID : 01 Flags : [0x81A], local, unblock-disabled, initialized, exchangeRefData Length : min_len:6, max_len:15, stored_len:0 Pad char : 0x00 Reference : 129 (0x81) Type : ascii-numeric Tries left : 3 PIN [SOPIN] Object Flags : [0x1], private ID : 02 Flags : [0x9E], local, change-disabled, unblock-disabled, initialized, soPin Length : min_len:16, max_len:16, stored_len:0 Pad char : 0x00 Reference : 136 (0x88) Type : bcd Tries left : 3 Private EC Key [defaultkey] Object Flags : [0x3], private, modifiable Usage : [0x2E], decrypt, sign, signRecover, unwrap Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local FieldLength: 256 Key ref: 1 (0x1)
[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
The main patch to add support for persistent ECC public keys is in [1], however a lot of the ECC code was changed in the patch series around Feb 9, 2014. The safest ways is to change to the stable 0.14 version released a couple of weeks ago. Version 0.13 is about two years old. Andreas [1] https://github.com/OpenSC/OpenSC/commit/67dc60f70780e14a04a62945362fd98a3c1251f5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312462 Title: SmartCard-HSM card fails when generating ECC keypair To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1312462/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
Yes, I think I've seen similar results when doing some testing around the time of this bug report with OpenSC upstream, OpenSC-CardContact upstream and Ubuntu's 0.13.0 version. I did not manage to find a set of patches to get it working properly with EC keys, even with CardContact's OpenSC. https://github.com/CardContact/OpenSC OpenSC has changed a lot internally between 0.13.0 and master. For me this was too much to nail down the issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312462 Title: SmartCard-HSM card fails when generating ECC keypair To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1312462/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
The latter seems related to: 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] pkcs15-lib.c:436:sc_pkcs15init_set_p15card: called 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] pkcs15-lib.c:470:sc_pkcs15init_set_p15card: sc_pkcs15init_set_p15card() returns 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] framework-pkcs15.c:2680:pkcs15_gen_keypair: Try on-card key pair generation 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] pkcs15-lib.c:1271:sc_pkcs15init_generate_key: called 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] pkcs15-lib.c:1993:check_keygen_params_consistency: returning with: -1408 (Not supported) 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] pkcs15-lib.c:1274:sc_pkcs15init_generate_key: Invalid key size: -1408 (Not supported) 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] framework-pkcs15.c:2693:pkcs15_gen_keypair: sc_pkcs15init_generate_key returned -1408 0x7ff363a22740 11:30:29.006 [opensc-pkcs11] misc.c:61:sc_to_cryptoki_error_common: libopensc return value: -1408 (Not supported) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312462 Title: SmartCard-HSM card fails when generating ECC keypair To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1312462/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
I did some tests with the latest Git code and something interesting is happening: Generating a key with Ubuntu packages (0.13.0-3ubuntu4.1): $ pkcs11-tool --module opensc-pkcs11.so -l --keypairgen --key-type EC:prime256v1 --label "My first EC key" Using slot 1 with a present token (0x1) Logging in to "SmartCard-HSM (UserPIN)". Please enter User PIN: Key pair generated: Private Key Object; EC label: My first EC key ID: foobar Usage: decrypt, sign, unwrap Public Key Object; EC EC_POINT 264 bits EC_POINT: 0443044104eb915ffd349158919584cf51915e047784a81a18b3b33804dc318eb0f85608c84f242cba6e88462ed95d15666e0f52659a0abe80b8a0261e30c5b1eab24f80fb warning: PKCS11 function C_GetAttributeValue(EC_PARAMS) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12) label: My first EC key ID: foobar Usage: encrypt, verify, wrap $ pkcs15-tool -D ... Private EC Key [My first EC key] ... But no public key. Now using pkcs15-tool from upstream Git: $ ./src/tools/pkcs15-tool -D ... Public EC Key [My first EC key] Object Flags : [0x0] Usage : [0x0] Access Flags : [0x2], extract FieldLength : 256 Key ref: 0 (0x0) Native : no ID : foobar DirectValue: Trying to generate a key with latest upstream code: $ ./src/tools/pkcs11-tool --module opensc-pkcs11.so -l --keypairgen --key-type EC:prime256v1 --label "My first EC key" Using slot 1 with a present token (0x1) Logging in to "SmartCard-HSM (UserPIN)". Please enter User PIN: error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54) Aborting. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312462 Title: SmartCard-HSM card fails when generating ECC keypair To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1312462/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1312462] Re: SmartCard-HSM card fails when generating ECC keypair
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: opensc (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1312462 Title: SmartCard-HSM card fails when generating ECC keypair To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1312462/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
