I loaded a pair of RSA keys and a X.509v3 certificate onto a Gemplus GPK8000 smart
card using Netscape 4.76. With GPK Card Services 0.2, I can successfully read the
certificate from :3F00:0200:0002 (private objects file, need to present PIN first),
and the modulus and exponent of the public key from :3F00:0200:0009. However, I failed
to get any data signed and I always get the following response:
com.gemplus.opencard.service.GPKException: ISO error (69 82):
Access condition not fulfilled:
Secure messaging required and no key specified in Access Condition.
Secure messaging required and no temporary administration key established.
What do I need? I notice that :3F00:0200:0201 is a DES key file. Do I need to know
that 3DES key and provide an administration credential to the signature card service?
Since this key is set by the PKCS#11 implementation of GemSAFE, is it some kind of
confidential? If so, how can I use OCF to get signed data from a GPK8000 card loaded
by PKCS#11?
The source code is something like this:
GPKSignatureService scs =
(GPKSignatureService)sc.getCardService(SignatureCardService.class, true);
CardFilePath keyPath = new CardFilePath(":3F00:0200:0009");
keyFile = new GPKSignatureKeyFile(keyPath, 1024, GPKRSAKeyFile.UNCERTIFIED_KEY);
byte[] dataToSign = "I WANT TO GET THIS SIGNED".getBytes();
byte[] mySignature = scs.signData(keyFile, GPKStandardNames.SHA1_RSA,
GPKStandardNames.PKCS_PADDING, dataToSign);
Thanks!
Sincerely,
Mike
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
