-
Notifications
You must be signed in to change notification settings - Fork 712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signing Data using Private key #2880
Comments
I list the keys available on the token:
Data signing for the RSA PKCS mechanism must respect the key length (modulus). For a 2048-bit key, for example, this works: (Replace XXXXX with your pin, change the key ID according to your key that you found in the listing according to the example above).
|
Here is my response from my token:
So my command should be:
where XXXX is the pin. Correct? |
Tried it either way.
|
Here is another example (the mechanism has been changed to SHA1-RSA-PKCS, which allows us to sign any size of data):
The switches Any problem can only be clarified through the debug log, which can be obtained, for example, by following this procedure:
|
For some reason, it is not possible to select the relevant file.
I can't advise you more in this case. |
Thank you for your feedback. We will look into this internally. |
Hello, Attached please find debug.log file. We are trying to generate key pair using the command 00 46 and while trying to do that it is mandatory to do pin verification. The PIN is being requested by OpenSC once and then a second time it is being picked up from the cache on Line #3161. We want to be able to call the same pin verification command once again right after the selection of 3F 00 (on line 3195) and before calling the 00 46 command (on line 3311) Also we are not able to understand in the flow why is the 3F 00 selected a total of 3 times. We understand the first and the second time selection but not why the command is invoked on Line 3195. Kindly advice. |
The PIN you entered was correct, but it obviously doesn't allow generation of key. Maybe because you entered the user PIN instead of the SO PIN (depending on the card profile). If you need more advice, please open a new issue since the original question is solved. |
Hello,
We are trying to sign some data using Private Key stored on the token
As per this link:
https://gist.github.com/Jakuje/5a993d2b2d8a9cac35203599e49e6831
we created a command as below:
cat data | pkcs11-tool --id $ID -s -p $PIN -m RSA-PKCS > data.sig
When we run this command we are getting the below response:
Using slot 0 with a present token (0x0) Using signature algorithm RSA-PKCS error: PKCS11 function C_SignFinal failed: rv = CKR_ARGUMENTS_BAD (0x7) Aborting.
Not sure what we are missing.
Please advice.
The text was updated successfully, but these errors were encountered: