Henryk Plötz wrote:
Moin,
I have here a Starcos SPK 2.3 card that is to be used for SSH login.
However, SSH fails with "Instruction code not supported or invalid" and
pkcs11-tool --test gives the same error on the SHA1-RSA-PKCS test.
Sequence of commands:
| $ pkcs15-init -EC
[...]
| $ pkcs15-init -G rsa/1024 -a 1
[...]
| $ pkcs11-tool -t -l
| Please enter User PIN:
| C_SeedRandom() and C_GenerateRandom():
| not implemented
| Digests:
| all 4 digest functions seem to work
| MD5: OK
| SHA-1: OK
| RIPEMD160: OK
| Signatures (currently only RSA signatures)
| testing key 0 (Private Key)
| all 4 signature functions seem to work
| testing signature mechanisms:
| RSA-PKCS: OK
| SHA1-RSA-PKCS:
| iso7816.c:99:iso7816_check_sw: Instruction code not supported or invalid
| card-starcos.c:1174:starcos_compute_signature: returning with: Unsupported
INS byte in APDU
| sec.c:53:sc_compute_signature: returning with: Unsupported INS byte in APDU
| pkcs15-sec.c:331:sc_pkcs15_compute_signature: sc_compute_signature() failed:
Unsupported INS byte in APDU
| error: PKCS11 function C_Sign failed: rv = CKR_GENERAL_ERROR (0x5)
|
| Aborting.
For reference, the last two APDU exchanges are:
APDU: 00 22 41 B6 06 84 01 91 80 01 12
SW: 90 00
APDU: 00 2A 90 81 14 29 B0 E7 87 82 71 64 5F FF B7 EE C7 DB 4A 74 73 A1 C0 0B C1
SW: 6D 00
I'm confused, because the last command is described exactly in that
format (00 2A 90 81 14 data) in the Starcos SPK 2.3 manual (on page
55 as PUT HASH), so the "Instruction code not supported" answer seems
to be a bit off.
Any hints? Is this an error in opensc or in the card?
did you test other card readers etc. ?
Btw: I currently have similar strange problems with my starcos card.
Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
