Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable CoolKey driver to handle 2048-bit keys. #1532

Merged
merged 1 commit into from
Nov 19, 2018
Merged

Enable CoolKey driver to handle 2048-bit keys. #1532

merged 1 commit into from
Nov 19, 2018

Conversation

srsross
Copy link
Contributor

@srsross srsross commented Nov 14, 2018
edited
Loading

For a problem description, see #1524.
In a nutshell, for a card with the CoolKey applet and 2048-bit keys,
the command
pkcs11-tool --test --login
fails to complete all of its tests.

This commit consists of a patch from @dengert.

To avoid triggering an error when the data exceeds 255 bytes, this commit
limits the amount of the payload sent to the CoolKey applet on the card based
on the maximum amount of data that the card can receive, and overhead bytes
(namely, a header and nonce) that accompany the payload.

With this change, the command
pkcs11-tool --test --login
succeeds.

Fixes #1524

$ /usr/local/bin/opensc-tool -n 
Using reader with a card: SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311549211601) 00 00
COOLKEY
Checklist
  • Documentation is added or updated
  • New files have a LGPL 2.1 license statement
  • PKCS#11 module is tested
  • Windows minidriver is tested
  • macOS tokend is tested

@srsross
Enable CoolKey driver to handle 2048-bit keys.
6c1b909 
For a problem description, see <OpenSC#1524>.
In a nutshell, for a card with the CoolKey applet and 2048-bit keys,
the command
	pkcs11-tool --test --login
fails to complete all of its tests.

This commit consists of a patch from @dengert.

To avoid triggering an error when the data exceeds 255 bytes, this commit
limits the amount of the payload sent to the CoolKey applet on the card based
on the maximum amount of data that the card can receive, and overhead bytes
(namely, a header and nonce) that accompany the payload.

With this change, the command
	pkcs11-tool --test --login
succeeds.
@srsross srsross mentioned this pull request Nov 14, 2018
Closed
@Jakuje
Copy link
Member

Jakuje commented Nov 19, 2018
edited
Loading

Looks good to me. Tested with my Coolkey card and works fine. Thanks.

I updated the list of supported drivers in wiki by adding the CAC and Coolkey mentions, but the articles are really just stubs so some extension would be appreciated, especially if you have some more information where the Coolkey and CAC cards are used (NIPR, SIPR, ...).

@frankmorgner frankmorgner merged commit abdbb9d into OpenSC:master Nov 19, 2018
@frankmorgner
Copy link
Member

thanks

@srsross srsross deleted the 2048-bit-key-for-coolkey branch November 28, 2018 23:11
@frankmorgner frankmorgner mentioned this pull request Sep 5, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frankmorgner frankmorgner frankmorgner approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

"pkcs11-tool --test" fails with a SIPR card
3 participants
@srsross @Jakuje @frankmorgner