Moin, I have here a Starcos SPK 2.3 card that is to be used for SSH login. However, SSH fails with "Instruction code not supported or invalid" and pkcs11-tool --test gives the same error on the SHA1-RSA-PKCS test.
Sequence of commands: | $ pkcs15-init -EC [...] | $ pkcs15-init -G rsa/1024 -a 1 [...] | $ pkcs11-tool -t -l | Please enter User PIN: | C_SeedRandom() and C_GenerateRandom(): | not implemented | Digests: | all 4 digest functions seem to work | MD5: OK | SHA-1: OK | RIPEMD160: OK | Signatures (currently only RSA signatures) | testing key 0 (Private Key) | all 4 signature functions seem to work | testing signature mechanisms: | RSA-PKCS: OK | SHA1-RSA-PKCS: | iso7816.c:99:iso7816_check_sw: Instruction code not supported or invalid | card-starcos.c:1174:starcos_compute_signature: returning with: Unsupported INS byte in APDU | sec.c:53:sc_compute_signature: returning with: Unsupported INS byte in APDU | pkcs15-sec.c:331:sc_pkcs15_compute_signature: sc_compute_signature() failed: Unsupported INS byte in APDU | error: PKCS11 function C_Sign failed: rv = CKR_GENERAL_ERROR (0x5) | | Aborting. For reference, the last two APDU exchanges are: APDU: 00 22 41 B6 06 84 01 91 80 01 12 SW: 90 00 APDU: 00 2A 90 81 14 29 B0 E7 87 82 71 64 5F FF B7 EE C7 DB 4A 74 73 A1 C0 0B C1 SW: 6D 00 I'm confused, because the last command is described exactly in that format (00 2A 90 81 14 data) in the Starcos SPK 2.3 manual (on page 55 as PUT HASH), so the "Instruction code not supported" answer seems to be a bit off. Any hints? Is this an error in opensc or in the card? PS: Everything else seems to work fine. This is opensc svn rev 3002. -- Henryk Plötz Grüße aus Berlin ~~~~~~~ Un-CDs, nein danke! http://www.heise.de/ct/cd-register/ ~~~~~~~ ~ Help Microsoft fight software piracy: Give Linux to a friend today! ~
pgpMts0StXtRf.pgp
Description: PGP signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
