Private Key Objects of D-TRUST Card 4.1 Multi ECC 2 are not recognized #3031
Comments
There is a flag - if (!info.field_length && ec_domain_len) {
+ if (info.field_length == 0 && asn1_prkey[3].flags & SC_ASN1_PRESENT && ec_domain_len) { |
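Review bot: On the added condition, the presence test reads `asn1_prkey[3].flags`, while the issue text binds `ec_domain` and `ec_domain_len` through `asn1_ecckey_attr + 3`; please confirm the flag is taken from the entry that actually carries the EC domain, since otherwise the untouched initial length of 32 could still satisfy the check. Wrapping the bit test as `(asn1_prkey[3].flags & SC_ASN1_PRESENT)` would also make its precedence against `&&` explicit.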
hamarituc added a commit to hamarituc/OpenSC that referenced this issue Feb 16, 2024
hamarituc added a commit to hamarituc/OpenSC that referenced this issue Feb 16, 2024
Jakuje pushed a commit that referenced this issue Feb 21, 2024
Problem Description

I am trying to implement the D-Trust signature cards using ECC algorithms (Multicard and Multicard 100). The private key objects are not recognized by `pkcs15-tool`.

Steps to reproduce

pkcs15-tool -D

Logs

The content of the private key description object is as follows.

Proposed Resolution

I nailed down the problem to `sc_pkcs15_decode_prkdf_entry()` in `src/libopensc/pkcs15-prkey.c`.

As no field size is specified in the private key object, `!info.field_length` evaluates to true and `ec_domain_len` still has its initial value 32 (size of the buffer `ec_domain`) since no EC domain is specified in the private key object. Thus the `if`-clause is entered and bails out because `d2i_ASN1_OBJECT()` returns `NULL`.

The code was introduced in commit 4b2ef66.

I am unsure how to fix it. In my opinion `ec_domain_len` has to be set to 0 if no EC domain is specified. Is there a possibility to do that with `sc_format_asn1_entry()` as the call to `sc_format_asn1_entry(asn1_ecckey_attr + 3, ec_domain, &ec_domain_len, 0);` seems to leave `ec_domain_len` unchanged if the tag is not present?

If I comment out the `if`-clause above, the private keys are recognized as expected.
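The failure mode described in this issue, reduced to a self-contained C model: an in/out length that keeps its initial buffer size when an optional field is absent, checked once by length alone and once together with a presence flag. This is an added example, not OpenSC code; `opt_entry`, `decode_optional`, `would_parse_domain`, `ENTRY_PRESENT` and the sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#define ENTRY_PRESENT 0x1u /* hypothetical presence flag, not the OpenSC definition */

/* Hypothetical optional-field descriptor: output buffer, in/out length, flags. */
struct opt_entry { unsigned char *buf; size_t *len; unsigned int flags; };

/* Constructed sample records (tag, length, value): one without tag 0x06, one with. */
static const unsigned char REC_NO_DOMAIN[] = { 0x04, 0x01, 0xAA };
static const unsigned char REC_DOMAIN[] = { 0x04, 0x01, 0xAA, 0x06, 0x02, 0x2A, 0x03 };

/* Toy decoder: copies the value of `tag` if found. When the tag is absent,
 * *e->len keeps the caller's initial value, the behaviour the issue describes. */
static int decode_optional(const unsigned char *in, size_t inlen,
		unsigned char tag, struct opt_entry *e)
{
	size_t i = 0;
	e->flags &= ~ENTRY_PRESENT;
	while (i + 2 <= inlen) {
		size_t l = in[i + 1];
		if (l > inlen - i - 2)
			return -1; /* truncated record */
		if (in[i] == tag) {
			if (l > *e->len)
				return -1; /* value larger than the caller's buffer */
			memcpy(e->buf, in + i + 2, l);
			*e->len = l;
			e->flags |= ENTRY_PRESENT;
			return 0;
		}
		i += 2 + l;
	}
	return 0; /* optional field absent: not an error */
}

/* Returns 1 if the caller would go on to parse the domain buffer, 0 if not, -1 on
 * malformed input. gate_on_flag: 0 = length-only test, 1 = also require the flag. */
static int would_parse_domain(const unsigned char *rec, size_t reclen, int gate_on_flag)
{
	unsigned char domain[32];
	size_t domain_len = sizeof(domain); /* initial value 32, as in the issue */
	size_t field_length = 0;            /* object carries no field size */
	struct opt_entry e = { domain, &domain_len, 0 };
	if (decode_optional(rec, reclen, 0x06, &e) != 0)
		return -1;
	if (gate_on_flag)
		return field_length == 0 && (e.flags & ENTRY_PRESENT) && domain_len;
	return !field_length && domain_len;
}
```

With the length-only test, the record that has no domain field still reaches the parsing branch, because the length of 32 is the buffer capacity rather than decoded data.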