Nils Larsch wrote:
Simon Eisenmann wrote:
Here is the debug output to add some more details for this issue:
...
card-cardos.c:714:cardos_set_security_env: returning with: 0
sec.c:67:sc_set_security_env: returning with: 0
sec.c:49:sc_compute_signature: called
card-cardos.c:761:cardos_compute_signature: called
card-cardos.c:775:cardos_compute_signature: trying RSA_PURE_SIG (padded DigestInfo)
apdu.c:516:sc_transmit_apdu: called
card.c:285:sc_lock: called
apdu.c:184:sc_apdu_log: Outgoing APDU data [ 265 bytes]
=====================================
00 2A 9E 9A 00 01 00 30 30 30 30 30 30 30 30 30 .*.....000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 01 00 0000000..
If you really tried to sign something with
"pkcs15-crypt -s -k 000102030405060708090a0b0c0d0e0f --md5 -i test.md5 -o signed.test"
then the above APDU is obviously wrong and cannot work, regardless of
whether your reader supports ext. APDU or not ...
What is in test.md5?
Once you have a correct digestInfo to sign in the APDU data you might
try the attached patch (using sha-1 instead of md5).
the patch
Index: src/libopensc/card-cardos.c
===================================================================
--- src/libopensc/card-cardos.c (Revision 3115)
+++ src/libopensc/card-cardos.c (Arbeitskopie)
@@ -771,6 +771,7 @@
* succeeds (this is not really beautiful, but currently the
* only way I see) -- Nils
*/
+#if 0
if (ctx->debug >= 3)
sc_debug(ctx, "trying RSA_PURE_SIG (padded DigestInfo)\n");
sc_ctx_suppress_errors_on(ctx);
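Review bot: The `#if 0` placed ahead of the "trying RSA_PURE_SIG (padded DigestInfo)" debug call switches that attempt off at compile time for every card and key, with no comment saying why. If this is only meant as a test aid, say so next to the `#if 0`; if it is meant to stay, a runtime setting is a better home for the choice than the preprocessor, and the existing comment directly above (signed "-- Nils") should be re-read against the reduced code path.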
@@ -780,6 +781,7 @@
SC_FUNC_RETURN(ctx, 4, r);
if (ctx->debug >= 3)
sc_debug(ctx, "trying RSA_SIG (just the DigestInfo)\n");
+#endif
/* remove padding: first try pkcs1 bt01 padding */
r = sc_pkcs1_strip_01_padding(data, datalen, buf, &tmp_len);
if (r != SC_SUCCESS) {
@@ -794,6 +796,7 @@
}
memcpy(buf, p, tmp_len);
}
+#if 0
sc_ctx_suppress_errors_on(ctx);
r = do_compute_signature(card, buf, tmp_len, out, outlen);
sc_ctx_suppress_errors_off(ctx);
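Review bot: With the `#if 0` in front of `sc_ctx_suppress_errors_on(ctx);` the `do_compute_signature(card, buf, tmp_len, out, outlen)` call on the unpadded DigestInfo is compiled out too, so the only remaining path is the one that goes through `sc_pkcs1_strip_digest_info_prefix`. When that strip fails, `SC_FUNC_RETURN(ctx, 4, r)` now returns the error with no earlier attempt to fall back on; add a comment stating that this is intended, or keep this attempt and disable only the first one.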
@@ -801,6 +804,7 @@
SC_FUNC_RETURN(ctx, 4, r);
if (ctx->debug >= 3)
sc_debug(ctx, "trying to sign raw hash value\n");
+#endif
r = sc_pkcs1_strip_digest_info_prefix(NULL,buf,tmp_len,buf,&buf_len);
if (r != SC_SUCCESS)
SC_FUNC_RETURN(ctx, 4, r);
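Review bot: The `#endif` sits after the `sc_debug(ctx, "trying to sign raw hash value\n");` call, so the debug message for the one path that stays enabled is compiled out together with the disabled code. Move the `#endif` up to just after the preceding `SC_FUNC_RETURN(ctx, 4, r);` so that a debug log still shows which method is being attempted.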
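What a padded DigestInfo looks like next to the data field in the log above, as an added example (not OpenSC code and not part of the original message). The names `em_build` and `em_check` are hypothetical; the MD5 DigestInfo prefix is the standard PKCS#1 v1.5 encoding, and the 256-byte block size is taken from the APDU length field shown in the log.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefix for MD5 (PKCS#1 v1.5); the 16-byte hash follows it. */
static const unsigned char MD5_PREFIX[] = {
    0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,
    0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10 };
#define MD5_LEN 16
enum em_status { EM_OK, EM_TOO_SHORT, EM_BAD_HEADER, EM_BAD_PADDING, EM_BAD_DIGESTINFO };

/* Build EM = 00 01 FF..FF 00 || prefix || hash; em_len is the modulus size in bytes. */
int em_build(unsigned char *em, size_t em_len, const unsigned char *hash)
{
    size_t t_len = sizeof(MD5_PREFIX) + MD5_LEN, ps_len;
    if (em_len < t_len + 11)            /* need at least 8 bytes of FF padding */
        return -1;
    ps_len = em_len - t_len - 3;
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, MD5_PREFIX, sizeof(MD5_PREFIX));
    memcpy(em + 3 + ps_len + sizeof(MD5_PREFIX), hash, MD5_LEN);
    return 0;
}

/* Classify a buffer that is about to be sent to the card as signature input. */
enum em_status em_check(const unsigned char *em, size_t em_len)
{
    size_t t_len = sizeof(MD5_PREFIX) + MD5_LEN, i = 2;
    if (em_len < t_len + 11) return EM_TOO_SHORT;
    if (em[0] != 0x00 || em[1] != 0x01) return EM_BAD_HEADER;
    while (i < em_len && em[i] == 0xff) i++;
    if (i < 10 || i >= em_len || em[i] != 0x00) return EM_BAD_PADDING;
    i++;                                /* skip the 00 separator */
    if (em_len - i != t_len || memcmp(em + i, MD5_PREFIX, sizeof(MD5_PREFIX)) != 0)
        return EM_BAD_DIGESTINFO;
    return EM_OK;
}

int main(void)
{
    unsigned char hash[MD5_LEN] = {0}, good[256], bad[256]; /* constructed sample values */
    em_build(good, sizeof(good), hash);
    memset(bad, 0x30, sizeof(bad));     /* same shape as the logged data field: 256 x 0x30 */
    printf("well-formed block: %d\n", em_check(good, sizeof(good)));
    printf("all-0x30 block:    %d\n", em_check(bad, sizeof(bad)));
    return 0;
}
```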