Am Dienstag 08 Dezember 2009 13:39:29 schrieb Dominik Fischer: > Why do I think it should work: Under RHEL5 it works with the same card and > the following software versions: * opensc-0.11.1 > * ccid-1.0.1 > * pcsc-lite-1.3.1-7 > > Are there any changes (since these versions) regarding signing or > card-handling that could explain the error?
hmm, then it looks like an error in opensc (since there is no large APDU or strange reader or communication error, it is unlikely an openct vs. pcsclite+ccid issue). opensc 0.11.1 is from 2007, so lots of code changed in total, so it isn't easy to find what the cause is. changes to starcos driver itself are very small, so those are unlikely. do you still have that RHEL5 machine? if you had a debug log from it too, that could help in seeing what changed. the interesting parts start with the first "C_Sign" line. I don't know much about starcos, but with most cards you need to call "VERIFY" first to authenticate, and then run some signing function. 6f 05 means (starcos spk 2.4 manual): no security environment or security environment invalid. that last APDU is the signing command, and before it is the "manage security environment" command, but I don't understand the parameters (03 80 01 01) look strange. the code in card-statcos.c (look for "COMPUTE SIGNATURE" looks like it placesthe env->algorith_ref in there, so that looks wrong. why don't you run pkcs11-tool with the proper "-m" argument for MD5 (I think MD5 has a 56 bit hash, so that would fit your 7 bytes). "pkcs11-tool -M" will show all mechanism, so you can pick the right one. maybe that helps? Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
