Menu

#92 xca doesn't like EC key pair on SmartCard-HSM

v1.0_(example)
closed-fixed
nobody
None
5
2014-11-22
2014-04-14
Leonardo Brondani Schenkel
No

xca 0.9.3 (32-bit) + opensc 0.13.0g20140316163538 (32-bit) on Windows 8.1 (64-bit).
SmartCard-HSM with single EC key pair (curve secp256r1/prime256v1).

When invoking Token/Manage Security token:

The following error occured:
(pki_scard:)
error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding

(pki_scard.cpp:136)

Output from pkcs11-tool --module opensc-pkcs11.dll -O:

Private Key Object; EC
label: Private Key
ID: 02f02346a01f7795cdc6d74a24adbc5ed5943ee2
Usage: decrypt, sign, unwrap
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410431719bc40fe562ada167e235bac8c0cfe70646572f4f99a28dc537f6d777822be7ace0a21386861dca39af008d78ab1e97c6e07b0df520f018cbdbc0dc12b7ea
EC_PARAMS: 06082a8648ce3d030107
label: Private Key
ID: 02f02346a01f7795cdc6d74a24adbc5ed5943ee2
Usage: none

Tested with different curves and key usages with the same results.

Discussion

  • Christian Hohnstaedt

    Christian Hohnstaedt - 2014-04-14

    Yes, this is true. EC keys on SmartCards are not supported, yet.
    See Feature request http://sourceforge.net/p/xca/feature-requests/74/

     

  • Christian Hohnstaedt

    Christian Hohnstaedt - 2014-11-22
    • status: open --> closed-fixed
     

  • Christian Hohnstaedt

    Christian Hohnstaedt - 2014-11-22

    commit baa45e7f6212bb614ccb21a6b6b9d33a4a3f1382
    Author: Christian Hohnstaedt chohnstaedt@innominate.com
    Date: Sat Oct 25 13:48:45 2014 +0200

    PKCS#11: Fix reading EC keys from card