Decrypt with private key


eferro
Hi, I have a file encrypted with a public key and want to decrypt it with the private key of my smartcard. I tried this command but it fails.

$ pkcs11-tool --module /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so -l --pin MYPASSWD -m RSA-X-509 --usage-decrypt --id 10 -i /tmp/a -o /tmp/b

What's wrong? How to do that?

Some data:
$ pkcs11-tool --module /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so -l --pin MYPASSWD -O
Using slot 0 with a present token (0x1)
Private Key Object; RSA
  label:     
  ID:         28313232393537302920454d4d414e55454c204e415a4152454e4f204445204c494d4120464552524f
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
  label:     
  ID:         10
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
  label:     
  ID:         10
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
  label:     
  ID:         10
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
  label:     
  ID:         10
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Private Key Object; RSA
  label:     
  ID:         10
  Usage:      decrypt, sign, unwrap
warning: PKCS11 function C_GetAttributeValue(ALWAYS_AUTHENTICATE) failed: rv = CKR_ATTRIBUTE_TYPE_INVALID (0x12)

Public Key Object; RSA 2048 bits
  label:     
  Usage:      encrypt, verify, wrap
Certificate Object, type = X.509 cert
  label:      (1229570) EMMANUEL NAZARENO DE LIMA FERRO
  ID:         28313232393537302920454d4d414e55454c204e415a4152454e4f204445204c494d4120464552524f
Public Key Object; RSA 1024 bits
  label:     
  ID:         10
  Usage:      encrypt, verify, wrap
Public Key Object; RSA 1024 bits
  label:     
  ID:         10
  Usage:      encrypt, verify, wrap
Public Key Object; RSA 1024 bits
  label:     
  ID:         10
  Usage:      encrypt, verify, wrap
Public Key Object; RSA 1024 bits
  label:     
  ID:         10
  Usage:      encrypt, verify, wrap
Public Key Object; RSA 1024 bits
  label:     
  ID:         10
  Usage:      encrypt, verify, wrap

$ pkcs11-tool --module /usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so -l --pin MYPASSWD -M
Using slot 0 with a present token (0x1)
Supported mechanisms:
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,1024}, hw, generate_key_pair
  DES-KEY-GEN, hw, generate
  AES-KEY-GEN, hw, generate
  mechtype-2147483649, hw, generate
  DES3-KEY-GEN, hw, generate
  RSA-PKCS, keySize={1024,1024}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
  RSA-X-509, keySize={1024,1024}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
  MD2-RSA-PKCS, keySize={512,2048}, hw, sign, verify
  MD5-RSA-PKCS, keySize={512,2048}, hw, sign, verify
  SHA1-RSA-PKCS, keySize={512,2048}, hw, sign, verify
  SHA256-RSA-PKCS, keySize={512,2048}, hw, sign, verify
  DES-ECB, hw, encrypt, decrypt, wrap, unwrap
  DES-CBC, hw, encrypt, decrypt, wrap, unwrap
  DES-CBC-PAD, hw, encrypt, decrypt, wrap, unwrap
  mechtype-2147483650, hw, encrypt, decrypt, wrap, unwrap
  mechtype-2147483651, hw, encrypt, decrypt, wrap, unwrap
  mechtype-2147483652, hw, encrypt, decrypt, wrap, unwrap
  mechtype-2147483655, hw, encrypt, decrypt, wrap, unwrap
  mechtype-2147483656, hw, encrypt, decrypt, wrap, unwrap
  mechtype-2147483657, hw, encrypt, decrypt, wrap, unwrap
  AES-ECB, hw, encrypt, decrypt, wrap, unwrap
  AES-CBC, hw, encrypt, decrypt, wrap, unwrap
  AES-CBC-PAD, hw, encrypt, decrypt, wrap, unwrap
  DES3-ECB, hw, encrypt, decrypt, wrap, unwrap
  DES3-CBC, hw, encrypt, decrypt, wrap, unwrap
  DES3-CBC-PAD, hw, encrypt, decrypt, wrap, unwrap
  SHA-1, hw, digest
  SHA-1-HMAC, hw, sign, verify
  SHA-1-HMAC-GENERAL, hw, sign, verify
  MD2, hw, digest
  MD2-HMAC, hw, sign, verify
  MD2-HMAC-GENERAL, hw, sign, verify
  MD5, hw, digest
  MD5-HMAC, hw, sign, verify
  MD5-HMAC-GENERAL, hw, sign, verify
  SSL3-PRE-MASTER-KEY-GEN, keySize={48,48}, hw, generate
  SSL3-MASTER-KEY-DERIVE, keySize={48,48}, hw, derive
  SSL3-KEY-AND-MAC-DERIVE, keySize={48,48}, hw, derive
  SSL3-MD5-MAC, keySize={384,384}, hw, sign, verify
  SSL3-SHA1-MAC, keySize={384,384}, hw, sign, verify
  SHA256, hw, digest
  mechtype-593, hw, sign, verify
  mechtype-594, hw, sign, verify



--
"If you want to go fast, go alone. If you want to go far, go together." (African proverb)
--------------------------------------------------------------------------------
Emmanuel Ferro
SERPRO - São Luís Office
SUPOP/OPFLA/OPSLS
Regional Free Software Committee
--------------------------------------------------------------------------------


Opensc-devel mailing list
https://lists.sourceforge.net/lists/listinfo/opensc-devel