Hi,
> How can i sign datas using OCF1.2 with a Gemsafe 16K card and a GCR410
> readers (or GCR 400) ?
I'm also trying out GemSAFE 16K cards but I'm having a lot of problems...
One of the problems I have is that the signatures I get from the card are
OK if they are created with 512 bit keys but are NOK otherwise...
> I've tried several piece of code but i'm not able to sign datas. In fact,
> i'm unable to find certificates on the card.
Only the end user certificate is on the card (an not the whole chain) on
the :3F00:0200:0004, but it's stored in a compressed way (it starts with
0x 02 92)...
To be able to obtain it uncompressed you should use the PKCS#11 that
comes with the GemSAFE libraries (but I'm also having problems with this
because sometimes it works and sometimes it doesn't)...
>
> This address :3F00:0200 is marked as PK DIRECTORY. GPKKeyManagementService
> kms.pkDIR gives me 6 objects :
>
> System.out.println("\nPK Directory");
> byte[] list = kms.pkDir(path);
> if(list != null) {
> for(int i = 0; i < list.length; i += 3) {
> int fileSize = ArrayUtils.decodeByte(list[i+1])*256 +
> ArrayUtils.decodeByte(list[i+2]);
> System.out.println("File with SFI " + HexString.hexify(list[i]) + "
> has body size of " + fileSize + " bytes.");
> }
> }
>
> Output was :
>
> File with SFI 07 has body size of 84 bytes. File with SFI 08 has body size
> of 84 bytes. File with SFI 09 has body size of 148 bytes. File with SFI 0A
> has body size of 148 bytes. File with SFI 0B has body size of 148 bytes.
> File with SFI 0C has body size of 148 bytes.
These are the files of the private keys that are (or will be) on the card...
The ones with a body of 84 bytes correspond to 512 bit keys and the ones
with a body of 148 bytes correspond to a 1024 bit key...
>
> I use this code to sign datas :
>
> GPKSignatureService scs =
> (GPKSignatureService)sc.getCardService(GPKSignatureService.class,true);
> CardFilePath cfp = new CardFilePath(":3F00:0200:0207");
> GPKSignatureKeyFile kf = new
> GPKSignatureKeyFile(cfp,1024,GPKSignatureKeyFile.UNCERTIFIED_KEY);
> // Let the card generate a signature
> scs.signData(kf,JCAStandardNames.SHA1_RSA,JCAStandardNames.PKCS_PADDING,data
> );
But can you obtain the signature from the card ?
Is the problem in the signature verification ?
If so, try using 512 bit keys because (at least from my experience) those
are the only keys that allow a correct signature...
Regards,
Pedro Borges
>
>
> Help needed ! Samples are welcome.
>
>
> Frankinet Philippe
> NSI s.a.
> T�l : 04 239 91 50
> http://www.nsi-sa.be
>
>
>
> ---
>
>>Visit the OpenCard web site at http://www.opencard.org/ for more
>>information on OpenCard---binaries, source code, documents.
>>This list is being archived at http://www.opencard.org/archive/opencard/
>
>
> ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
> ! to
> ! [EMAIL PROTECTED]
> ! containing the word
> ! unsubscribe
> ! in the body.
--
-----------------------------------------------------------------------
Pedro Borges <[EMAIL PROTECTED]>
MULTICERT <http://www.multicert.com/>
Servi�os de Certifica��o Electr�nica, S.A.
DDI: +351 22 3391816 Mobile: +351 96 8332329
-----------------------------------------------------------------------
Edif�cio Correios de Portugal Phone: +351 22 3391810
Pra�a da Trindade, 32 - 3� Andar Fax: +351 22 3391811
4000-539 Porto, PORTUGAL
-----------------------------------------------------------------------
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
