From: Douglas E E. <dee...@gm...> - 2015-11-18 19:33:29
One of the sign operations looks like it works. Data to be signed 7648 7691. Response with the signature 7691. PKCS#11 return 7722 and Start of failed sign 7773 data to be signed 7842 response 7849 with 7982 PKCS#11 return 9868

It could be that the newer card wants CKA_ALWAYS_AUTHENTICATE = TRUE, which is called in PKCS#15 user_consent.

CKA_ALWAYS_AUTHENTICATE says the card requires the PIN to have been sent before each crypto operation for the selected key.

pkcs11-tool.c line 3675 if (getALWAYS_AUTHENTICATE(sess, privKeyObject)) is asking if pin needs to be sent again.

When used without a pin pad reader, the PIN may have been cached, and sc_pkcs15_pincache_revalidate may have provided the pin without your knowledge. With a pin pad reader, the pin can not be cached, it never enters the host computer.

Some simple things to try to prove the above is the problem.

Use a non pinpad reader. If that works, look at the log for the sc_pkcs15_pincache_revalidate being called and providing the key.

Then try uncommenting in opensc.conf this line.

    # use_pin_caching = false;

It should fail, with sc_pkcs15_pincache_revalidate saying there is no pin cached.

On 11/18/2015 7:13 AM, Ferdinand Rau wrote:
> Hello Andreas,
>
> I took a step back and tried to get things working just using the command line tools, but without success.
> Eventually, I found out that I cannot even run 'pkcs11-tool --test' successfully.
>
> Here, you can download a log file of a failed 'pkcs11-tool --test' with OPENSC_DEBUG=9:
> https://www.dropbox.com/s/3jhe77n5ri1674k/log.txt.zip?dl=1
>
> The reader does ask for the PIN and reports "PIN correct", but the test fails anyway with the following message:
>> error: PKCS11 function C_Sign failed: rv = CKR_USER_NOT_LOGGED_IN (0x101)
>
> Best regards,
> Ferdinand
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--
Douglas E. Engert <DEE...@gm...>
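
The behaviour described in the message above, as a toy model added here (not OpenSC code and not written by either poster): a key that needs a fresh PIN verification before every operation signs once and then returns CKR_USER_NOT_LOGGED_IN, unless the host holds a cached PIN it can replay. The `Card` and `Middleware` classes, the sample PIN and the rule that one verification covers exactly one operation are assumptions of the model.

```python
CKR_OK = 0x0
CKR_USER_NOT_LOGGED_IN = 0x101  # value shown in the error quoted on this page

class Card:
    """Constructed stand-in for a card key with CKA_ALWAYS_AUTHENTICATE = TRUE."""
    def __init__(self, pin="123456"):      # sample PIN, constructed
        self._pin = pin
        self._authorised = False

    def verify(self, pin):
        self._authorised = (pin == self._pin)
        return self._authorised

    def sign(self, data):
        if not self._authorised:
            return CKR_USER_NOT_LOGGED_IN, None
        self._authorised = False           # assumption: consent covers one operation
        return CKR_OK, b"sig:" + data

class Middleware:
    """Hypothetical host side; use_pin_caching mirrors the opensc.conf option."""
    def __init__(self, card, pinpad, use_pin_caching=True):
        self.card, self.pinpad = card, pinpad
        self.use_pin_caching = use_pin_caching
        self.cached_pin = None

    def login(self, pin):
        ok = self.card.verify(pin)
        # With a pin pad the PIN is typed on the reader and never reaches the
        # host, so there is nothing to cache.
        if ok and self.use_pin_caching and not self.pinpad:
            self.cached_pin = pin
        return ok

    def sign(self, data):
        rv, sig = self.card.sign(data)
        if rv == CKR_USER_NOT_LOGGED_IN and self.cached_pin is not None:
            # Models the silent re-verification the mail attributes to
            # sc_pkcs15_pincache_revalidate.
            self.card.verify(self.cached_pin)
            rv, sig = self.card.sign(data)
        return rv, sig

def two_signs(pinpad, use_pin_caching=True):
    """Log in once, sign twice, return the two return codes."""
    mw = Middleware(Card(), pinpad, use_pin_caching)
    mw.login("123456")
    return [mw.sign(b"first")[0], mw.sign(b"second")[0]]

if __name__ == "__main__":
    for pinpad, cache in [(False, True), (True, True), (False, False)]:
        print(pinpad, cache, [hex(rv) for rv in two_signs(pinpad, cache)])
```

In the model, only the run without a pin pad and with caching enabled completes both signatures; the other two fail on the second sign, which is the pattern the suggested tests are meant to expose.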