Bug in pkcs15-tool


Bug in pkcs15-tool

Peter Koch

Hello all

In order to use PuTTYcard (an extension to PuTTY that allows
smartcard owners to use their keys with pageant.exe)
one needs to know the exact location of the private key,
the public key and the PIN that protects the private key.

This is because PuTTYcard does not use OpenSC libraries
and is not PKCS#15-compatible but talks directly to the
smartcard via the PC/SC API.

Now to find these exact locations I use pkcs15-tool.

Jari Heikkinen sent me the following output so I could give
him some advice about these locations.

Maybe there's a bug in pkcs15-tool. Have a look at
Jari's output:

# pkcs15-tool --list-keys
Private RSA Key [Private Key]
        Com. Flags  : 3
        Usage       : [0x22E], decrypt, sign, signRecover, unwrap, nonRepudiation
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 2048
        Key ref     : 0
        Native      : yes
        Path        : 3F0050154B0130450012
        Auth ID     : 01
        ID          : 45

# pkcs15-tool --list-public-keys
Public RSA Key [Public Key]
        Com. Flags  : 2
        Usage       : [0x2D1], encrypt, wrap, verify, verifyRecover, nonRepudiation
        Access Flags: [0x0]
        ModLength   : 2048
        Key ref     : 0
        Native      : no
        Path        : 3F0050154445
        Auth ID     :
        ID          : 45

h8 ~ # pkcs15-tool --list-pins
PIN [sshbak1]
        Com. Flags: 0x3
        Auth ID   : 01
        Flags     : [0x32], local, initialized, needs-padding
        Length    : min_len:4, max_len:8, stored_len:8
        Pad char  : 0x00
        Reference : 1
        Type      : -1
        Path      : 3F0050154B01
        Tries left: -1

# pkcs15-tool --list-certificates
X.509 Certificate [Certificate]
        Flags    : 2
        Authority: no
        Path     : 3F0050154545
        ID       : 45


Public key, PIN and certificates are all stored in DF 3F00:5015
but the private key is 0012 in 3F00:5015:4B01:3045 ????

Also 3F00:5015:4B01 cannot be both a DF and a PIN-file

If you agree that this is indeed a bug I will try to fix it.

Peter Koch



_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel

Re: Bug in pkcs15-tool

Nils Larsch
Peter Koch wrote:

> Hello all
>
> In order to use PuTTYcard (an extension to PuTTY that allows
> smartcard owners to use their keys with pageant.exe)
> one needs to know the exact location of the private key,
> the public key and the PIN that protects the private key.
>
> This is because PuTTYcard does not use OpenSC libraries
> and is not PKCS#15-compatible but talks directly to the
> smartcard via the PC/SC API.
>
> Now to find these exact locations I use pkcs15-tool.
>
> Jari Heikkinen sent me the following output so I could give
> him some advice about these locations.
>
> Maybe there's a bug in pkcs15-tool. Have a look at
> Jari's output:
>
> # pkcs15-tool --list-keys
> Private RSA Key [Private Key]
>         Com. Flags  : 3
>         Usage       : [0x22E], decrypt, sign, signRecover, unwrap, nonRepudiation
>         Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
>         ModLength   : 2048
>         Key ref     : 0
>         Native      : yes
>         Path        : 3F0050154B0130450012
>         Auth ID     : 01
>         ID          : 45
>
> # pkcs15-tool --list-public-keys
> Public RSA Key [Public Key]
>         Com. Flags  : 2
>         Usage       : [0x2D1], encrypt, wrap, verify, verifyRecover, nonRepudiation
>         Access Flags: [0x0]
>         ModLength   : 2048
>         Key ref     : 0
>         Native      : no
>         Path        : 3F0050154445
>         Auth ID     :
>         ID          : 45
>
> h8 ~ # pkcs15-tool --list-pins
> PIN [sshbak1]
>         Com. Flags: 0x3
>         Auth ID   : 01
>         Flags     : [0x32], local, initialized, needs-padding
>         Length    : min_len:4, max_len:8, stored_len:8
>         Pad char  : 0x00
>         Reference : 1
>         Type      : -1
>         Path      : 3F0050154B01
>         Tries left: -1
>
> # pkcs15-tool --list-certificates
> X.509 Certificate [Certificate]
>         Flags    : 2
>         Authority: no
>         Path     : 3F0050154545
>         ID       : 45
>
>
> Public key, PIN and certificates are all stored in DF 3F00:5015
> but the private key is 0012 in 3F00:5015:4B01:3045 ????

What kind of card is it?

>
> Also 3F00:5015:4B01 cannot be both a DF and a PIN-file

Well, if the PIN is stored in an internal file located in this
directory, this output makes sense.

Nils
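The disagreement in the two posts above comes down to how the hex paths printed by pkcs15-tool decompose into 2-byte file identifiers and which of them are directories. The script below is an added example (it is not OpenSC code and not from either poster): it splits each absolute path into FIDs, reports the parent DF of every object in the colon-separated notation Peter uses, and flags any object whose path is a strict prefix of another object's path, which is exactly the "4B01 is both a PIN object and a DF" situation. The four paths are copied from Jari's listing; the labels and the `P15Path` helper are my own naming.

```python
"""Decompose PKCS#15 object paths (as printed by pkcs15-tool) into ISO 7816-4
file identifiers and check how the objects nest inside the card's DFs.

Added example, not OpenSC code. The four paths come from the listing in the
thread; everything else (names, layout checks) is constructed here."""

from dataclasses import dataclass

MF = "3F00"  # master file: every absolute path starts here


@dataclass(frozen=True)
class P15Path:
    label: str
    fids: tuple  # 2-byte file identifiers, e.g. ("3F00", "5015", "4B01")


def parse_path(label: str, hexpath: str) -> P15Path:
    """Split an absolute path into 2-byte FIDs.

    Rejects paths that are not hex, are not a whole number of 2-byte
    identifiers, or do not start at the MF."""
    hexpath = hexpath.strip().upper()
    if len(hexpath) == 0 or len(hexpath) % 4 != 0:
        raise ValueError(f"{label}: path {hexpath!r} is not whole 2-byte FIDs")
    try:
        bytes.fromhex(hexpath)
    except ValueError:
        raise ValueError(f"{label}: path {hexpath!r} is not hex") from None
    fids = tuple(hexpath[i:i + 4] for i in range(0, len(hexpath), 4))
    if fids[0] != MF:
        raise ValueError(f"{label}: absolute path must start with MF {MF}")
    return P15Path(label, fids)


def parent_df(p: P15Path) -> str:
    """Parent directory of the object in 'MF:DF:...' notation."""
    return ":".join(p.fids[:-1])


def is_strict_prefix(shorter: P15Path, longer: P15Path) -> bool:
    """True when `shorter` names a directory that `longer` lies beneath."""
    return (len(shorter.fids) < len(longer.fids)
            and longer.fids[:len(shorter.fids)] == shorter.fids)


def check_layout(paths):
    """Return (parent DF per object, list of (outer, inner) nestings).

    A nesting means the outer object's own FID is being used as a DF on the
    way to the inner object: either the tool mislabels a DF as a file, or the
    object really is an internal EF inside that DF (Nils' reading)."""
    parents = {p.label: parent_df(p) for p in paths}
    nested = [(a.label, b.label)
              for a in paths for b in paths
              if a is not b and is_strict_prefix(a, b)]
    return parents, nested


# Paths exactly as printed in Jari's pkcs15-tool output (no colons there).
LISTING = {
    "private key": "3F0050154B0130450012",
    "public key": "3F0050154445",
    "PIN": "3F0050154B01",
    "certificate": "3F0050154545",
}


def analyse(listing=LISTING):
    paths = [parse_path(label, hexpath) for label, hexpath in listing.items()]
    return check_layout(paths)


if __name__ == "__main__":
    parents, nested = analyse()
    for label, df in parents.items():
        print(f"{label:12s} lives in DF {df}")
    for outer, inner in nested:
        print(f"{outer} path is a prefix of {inner} path: "
              f"the {outer} FID is traversed as a DF")
```

Running it on the listing shows the public key, PIN and certificate all under 3F00:5015 while the private key sits under 3F00:5015:4B01:3045, and the single nesting it reports is PIN before private key: the PIN object's path 3F00:5015:4B01 is traversed as a directory on the way to the key. That is consistent with Nils' explanation (the PIN is an internal file inside that DF and the tool prints the DF as the PIN's path), so the output alone does not prove a bug; which of the two readings is right depends on the card's actual file system, hence his question about the card type.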