Amanda Ortega wrote:
> I have created two pairs of keys:
> - Putting 0x0000 for all the ACLs (private key 0 and public key 2);
> - Putting the ACLs recommended by muscleTools when creating the keys
> (private key 1 and public key 3).

The ACL for private keys should disallow at least read, only the usage
should be allowed by PIN. Like RSA PRIVATE CRT 1 1024 in your
list. For the public key the settings in RSA PUBLIC 3 1024 are OK.

> When I try to crypt using the first pair, I can't do anything. But when
> I try to crypt using the second pair, I can crypt and decrypt, but the
> result at the end isn't equal to the beginning.
> I created the keys using the scheme that the public key number is always
> 2 units greater than the private key, is it OK?

Should not matter.

> Where can I obtain documentation about the meaning of the ACLs?

It is a 16-bit mask. 0xFFFF means nobody can do it, 0x0000 always. Or I
have mixed it the wrong way. Every bit in the 16-bit mask is for the PIN
required to operate on the key, e.g. 0x0001 would allow PIN 1 to operate.

Regards,
Karsten

> Amanda
1)
$ muscleTool
MuscleCard shell - type "help" for help.
muscleTool > tokens
1. MuscleCard Applet
ListTokens Success.
muscleTool > connect 1
Connect Success.
2)
muscleTool [MuscleCard Applet] > listkeys
Key Type Key Num SIZE
--------------- ------- ----
RSA PRIVATE CRT 0 1024
READ
------
ALWAYS
WRITE
------
ALWAYS
USE
------
ALWAYS
Key Type Key Num SIZE
--------------- ------- ----
RSA PRIVATE CRT 1 1024
READ
------
NEVER
WRITE
------
PIN #1
USE
------
PIN #1
Key Type Key Num SIZE
--------------- ------- ----
RSA PUBLIC 2 1024
READ
------
ALWAYS
WRITE
------
ALWAYS
USE
------
ALWAYS
Key Type Key Num SIZE
--------------- ------- ----
RSA PUBLIC 3 1024
READ
------
PIN #1
WRITE
------
PIN #1
USE
------
ALWAYS
ListKeys Success.
3)
muscleTool [MuscleCard Applet] > verify 1
Enter PIN
'a' aborts this query.
Enter PIN : 76543210
VerifyPIN Successful
muscleTool [MuscleCard Applet] > crypt 3
Would you like to:
0. Abort this selection.
1. Verify
2. Encrypt
Choose (0-2): 2
Please enter text to encrypt in hexadecimal ASCII (at most 1023 characters)
Example: 30313233 for 0123
'a' aborts this query.
Enter text : 3031
Select the algorithm:
0. Abort this selection.
1. RSA with no padding
2. RSA with PKCS#1 padding
Choose (0-2): 1
Result :
77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7
Crypt Successful.
muscleTool [MuscleCard Applet] > crypt 1
Would you like to:
0. Abort this selection.
1. Sign
2. Decrypt
Choose (0-2): 2
Please enter text to decrypt in hexadecimal ASCII (at most 1023 characters)
Example: 30313233 for 0123
'a' aborts this query.
Enter text :
77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7
Select the algorithm:
0. Abort this selection.
1. RSA with no padding
2. RSA with PKCS#1 padding
Choose (0-2): 1
Result :
7BAE4A30262F2110522759135CF5581BB818F8A44080ABCA4DEF7398535C13213F8668AB442D6FDC18B270C7881F23DCAC1F78415C455441F114A36F12C59F0411A2054E06FB393585B5214160CC7EA2DAED3CD4DCA93634C1D402B0AC22206B06BAA82036539489D79194B81C37EC7496D5AC68B984DEF5ED0FFC2FFBB1D8C8
Crypt Successful.
2008/3/3, Michael StJohns <[EMAIL PROTECTED]>:
Amanda -
Using muscletools do
1) Log yourself in (verify)
2) Do a "listkeys"
3) Try and do the signature again.
Post the output of the above here.
There are a number of possibilities - rather than randomly guessing,
perhaps we can help you interpret the output.
At 12:26 PM 3/3/2008, Amanda Ortega wrote:
I didn't solve that problem, I am testing with version 0.9.8. I
had already verified the PIN successfully...
Amanda
2008/3/3, Karsten Ohme <[EMAIL PROTECTED]>:
Amanda Ortega wrote:
> Hi!
>
> I have installed the applet CardEdge version 0.9.8 in my GemXpresso R3 card
> and muscleTool version 2.1.0 in my PC.
You have successfully installed the applet? What was the solution?
> I have already formatted the card and
> created a pair of keys. When I try to crypt a text, an error happens. Here
> is the output of muscleTool:
You must verify to the applet, before you can use the private
key to sign.
See the verify command, e.g. help or help verify in muscleTool.
Regards,
Karsten
>
> muscleTool [MuscleCard Applet] > crypt 1
>
> Would you like to:
> 0. Abort this selection.
> 1. Sign
> 2. Decrypt
>
> Choose (0-2): 1
>
> Please enter text to sign in hexadecimal ASCII (at most 1023 characters)
> Example: 30313233 for 0123
>
> 'a' aborts this query.
> Enter text : 30313233
>
> Select the algorithm:
> 0. Abort this selection.
> 1. RSA with MD5 hash and PKCS#1 padding
>
> Choose (0-1): 1
> ERR: Crypt Failed ! (0x9C06 Unauthorized usage)
> muscleTool [MuscleCard Applet] > muscleTool [MuscleCard Applet] >
>
> Why is this happening?
>
> Regards,
> Amanda
>
>
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> Muscle mailing list
> [email protected] <mailto:[email protected]>
> http://lists.drizzle.com/mailman/listinfo/muscle
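
The ACL semantics described in the reply at the top of this thread (a 16-bit mask per operation, 0x0000 for ALWAYS, 0xFFFF for NEVER, otherwise one bit per PIN) can be checked mechanically. The following is an added example, not code from muscleTool or from anyone in the thread; the function names and the sample mask values are constructed, and the mapping of bit positions to PIN numbers is left as raw bit indices because the thread itself is unsure of it.

```python
ACL_ALWAYS = 0x0000  # per the thread: operation allowed without any PIN
ACL_NEVER = 0xFFFF   # per the thread: nobody may perform the operation


def decode_acl(mask):
    """Return 'ALWAYS', 'NEVER', or the list of set bit positions (0-15)."""
    if not 0 <= mask <= 0xFFFF:
        raise ValueError("ACL mask must fit in 16 bits")
    if mask == ACL_ALWAYS:
        return "ALWAYS"
    if mask == ACL_NEVER:
        return "NEVER"
    return [bit for bit in range(16) if mask & (1 << bit)]


def audit_key(key_type, read, write, use):
    """Return findings for one key's (read, write, use) ACL masks."""
    findings = []
    if "PRIVATE" not in key_type:
        return findings
    # Advice given in the thread: a private key must not be readable,
    # and its use should require a verified PIN.
    if read != ACL_NEVER:
        findings.append("private key readable: read ACL should be NEVER")
    if use == ACL_ALWAYS:
        findings.append("private key usable without PIN verification")
    # Additional check, not stated in the thread: same reasoning for write.
    if write == ACL_ALWAYS:
        findings.append("private key replaceable without PIN verification")
    return findings


# Constructed masks mirroring the four keys in the listkeys output above;
# 0x0001 stands in for "PIN #1", following the thread's own example value.
SAMPLE_KEYS = {
    0: ("RSA PRIVATE CRT", 0x0000, 0x0000, 0x0000),
    1: ("RSA PRIVATE CRT", 0xFFFF, 0x0001, 0x0001),
    2: ("RSA PUBLIC", 0x0000, 0x0000, 0x0000),
    3: ("RSA PUBLIC", 0x0001, 0x0001, 0x0000),
}


def audit_all(keys):
    """Map key number -> list of findings."""
    return {num: audit_key(*entry) for num, entry in keys.items()}


if __name__ == "__main__":
    for num, findings in audit_all(SAMPLE_KEYS).items():
        print(num, [decode_acl(m) for m in SAMPLE_KEYS[num][1:]], findings)
```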