Menu
▾
▴
[Opensc-devel] Decrypt with private key
|
From: Emmanuel N. de L. F. <emm...@se...> - 2015-09-02 18:32:56
|
Hi, a have file encrypted file with public key and want to decrypt with private key of my smartcard. I tried this command but it fail.
$ pkcs11-tool --module /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so -l --pin MYPASSWD -m RSA-X-509 --usage-decrypt --id 10 -i /tmp/a -o /tmp/b
What's wrong? How to do that?
Some data:
$ pkcs11-tool --module /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so -l --pin MYPASSWD -O
Using slot 0 with a present token (0x1)
Private Key Object; RSA
label:
ID: 28313232393537302920454d4d414e55454c204e415a4152454e4f204445204c494d4120464552524f
Usage: decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Private Key Object; RSA
label:
ID: 10
Usage: decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Private Key Object; RSA
label:
ID: 10
Usage: decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Private Key Object; RSA
label:
ID: 10
Usage: decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Private Key Object; RSA
label:
ID: 10
Usage: decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Private Key Object; RSA
label:
ID: 10
Usage: decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)
Public Key Object; RSA 2048 bits
label:
Usage: encrypt, verify, wrap
Certificate Object, type = X.509 cert
label: (1229570) EMMANUEL NAZARENO DE LIMA FERRO
ID: 28313232393537302920454d4d414e55454c204e415a4152454e4f204445204c494d4120464552524f
Public Key Object; RSA 1024 bits
label:
ID: 10
Usage: encrypt, verify, wrap
Public Key Object; RSA 1024 bits
label:
ID: 10
Usage: encrypt, verify, wrap
Public Key Object; RSA 1024 bits
label:
ID: 10
Usage: encrypt, verify, wrap
Public Key Object; RSA 1024 bits
label:
ID: 10
Usage: encrypt, verify, wrap
Public Key Object; RSA 1024 bits
label:
ID: 10
Usage: encrypt, verify, wrap
$ pkcs11-tool --module /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so -l --pin MYPASSWD -M
Using slot 0 with a present token (0x1)
Supported mechanisms:
RSA-PKCS-KEY-PAIR-GEN, keySize={1024,1024}, hw, generate_key_pair
DES-KEY-GEN, hw, generate
AES-KEY-GEN, hw, generate
mechtype-2147483649, hw, generate
DES3-KEY-GEN, hw, generate
RSA-PKCS, keySize={1024,1024}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
RSA-X-509, keySize={1024,1024}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
MD2-RSA-PKCS, keySize={512,2048}, hw, sign, verify
MD5-RSA-PKCS, keySize={512,2048}, hw, sign, verify
SHA1-RSA-PKCS, keySize={512,2048}, hw, sign, verify
SHA256-RSA-PKCS, keySize={512,2048}, hw, sign, verify
DES-ECB, hw, encrypt, decrypt, wrap, unwrap
DES-CBC, hw, encrypt, decrypt, wrap, unwrap
DES-CBC-PAD, hw, encrypt, decrypt, wrap, unwrap
mechtype-2147483650, hw, encrypt, decrypt, wrap, unwrap
mechtype-2147483651, hw, encrypt, decrypt, wrap, unwrap
mechtype-2147483652, hw, encrypt, decrypt, wrap, unwrap
mechtype-2147483655, hw, encrypt, decrypt, wrap, unwrap
mechtype-2147483656, hw, encrypt, decrypt, wrap, unwrap
mechtype-2147483657, hw, encrypt, decrypt, wrap, unwrap
AES-ECB, hw, encrypt, decrypt, wrap, unwrap
AES-CBC, hw, encrypt, decrypt, wrap, unwrap
AES-CBC-PAD, hw, encrypt, decrypt, wrap, unwrap
DES3-ECB, hw, encrypt, decrypt, wrap, unwrap
DES3-CBC, hw, encrypt, decrypt, wrap, unwrap
DES3-CBC-PAD, hw, encrypt, decrypt, wrap, unwrap
SHA-1, hw, digest
SHA-1-HMAC, hw, sign, verify
SHA-1-HMAC-GENERAL, hw, sign, verify
MD2, hw, digest
MD2-HMAC, hw, sign, verify
MD2-HMAC-GENERAL, hw, sign, verify
MD5, hw, digest
MD5-HMAC, hw, sign, verify
MD5-HMAC-GENERAL, hw, sign, verify
SSL3-PRE-MASTER-KEY-GEN, keySize={48,48}, hw, generate
SSL3-MASTER-KEY-DERIVE, keySize={48,48}, hw, derive
SSL3-KEY-AND-MAC-DERIVE, keySize={48,48}, hw, derive
SSL3-MD5-MAC, keySize={384,384}, hw, sign, verify
SSL3-SHA1-MAC, keySize={384,384}, hw, sign, verify
SHA256, hw, digest
mechtype-593, hw, sign, verify
mechtype-594, hw, sign, verify
--
--
Se você quer ir rápido, vá sozinho. Se quer ir longe, vá acompanhado." (provérbio africano)
--------------------------------------------------------------------------------
Emmanuel Ferro
SERPRO - Escritório São Luís
SUPOP/OPFLA/OPSLS
Comitê Regional de Software Livre
--------------------------------------------------------------------------------
-
"Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente a seu destinatário e pode conter informações confidenciais, protegidas por sigilo profissional. Sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente, esclarecendo o equívoco."
"This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you're not the addressee, please send it back, elucidating the failure."
|
