Derive key with opensc

Derive key with opensc

klc klc
Hi,

I tried to derive a key with the OpenSC v14.0 pkcs11-tool on a PIV card.

First I generated an EC key with openssl using these commands:

  • openssl ecparam -in secp384r1param.pem -genkey -noout -out secp384r1key.pem
  • openssl ec -in secp384r1key.pem -out secp384r1key.der -pubout -outform der
  • pkcs11-tool.exe --module opensc-pkcs11.dll --derive -l -pin #### -id 03 -i secp384r1key.der
This gave me the error:
  • Cannot open n: m
which basically says that it can't open the file. [origin: pkcs11-tool->derive_key()->BIO_read_filename(bio_in, opt_input)]

I tried with the PEM format & it gave me the error: Cannot read EC key from secp384r1.pem

My question is
  • whether the format in which I am passing the key to OpenSC is right?
  • Is there anything else I am missing to provide as an input to the tool?
  • Is my operation correct?
Basically I am trying to write my own application with the help of the OpenSC implementation to derive a key. Following is an overview of the process I am trying to implement:
  • The application will receive the x & y coordinates of an EC public key.
  • Calculated the EC key length with the help of getEC_POINT() (modified the received length as (length - 3) * 8 to adjust to the EC key size (in this case 384 bits; I receive 51)).
  • Generated eckey according to the key length with the EC_KEY_new_by_curve_name(NID_secp384r1) function.
  • Then called the EC_KEY_generate_key(eckey) function
  • ecgroup = EC_KEY_get0_group(eckey)
  • pub = EC_POINT_new(ecgroup)
  • Converted the coordinates to big numbers with the BN_bin2bn() function.
  • Computed the octet string with EC_POINT_point2oct(ecgroup, pub, POINT_CONVERSION_UNCOMPRESSED, str_buf, str_buf_len, NULL). [Please note that up to this point execution goes successfully & I receive the octet string].
  • Then, following the OpenSC derive_key() function, I coded a new key template & ECDH parameters. I tried both mechanisms: CKM_ECDH1_COFACTOR_DERIVE, CKM_ECDH1_DERIVE
  • Up to this point everything goes smoothly.
  • When the call to C_DeriveKey() is made I get the error "Security status not satisfied" (login is performed right before the derive operation).
  • The transmitted APDU conforms to the NIST specification: 00 87 14 9D 67 7C 65 82 00 85 61 04 X-coordinate Y-coordinate (48 bytes each).
  • The received APDU is 69 82.
Also, the private key field_length parameter in OpenSC is set to half of the EC key size: I get 192 bits for a 384-bit EC key. Is this right? Is there any other function to retrieve the actual value of the EC key size, as right now I am modifying the received value to drive successful execution (source: pkcs15-sec.c)?

I tried to find help on this but to no avail. Can you please guide me on what might be the issue?

PS: I generated the EC keys through the Charismathics security token configurator & am performing the derive operation with the Key Management key.

Thanks,
K
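As an added example (not code from OpenSC or from the poster), the Python below builds the GENERAL AUTHENTICATE APDU quoted in the post from the x and y coordinates following SP 800-73-4 A.5.2.1, derives the curve size from the length of the uncompressed point, and decodes the 69 82 status word. The algorithm identifiers 0x11 and 0x14 are the P-256 and P-384 values from SP 800-78-4; the coordinates used at the bottom are constructed placeholders, not key material.

```python
# Added example: PIV GENERAL AUTHENTICATE for ECDH with the Key Management
# Key, 00 87 <alg> 9D Lc 7C { 82 00, 85 <04||X||Y> }, built from x and y.

def ber_len(n: int) -> bytes:
    """BER length: one byte below 0x80, otherwise an 0x81/0x82 prefix."""
    if n < 0x80:
        return bytes([n])
    if n < 0x100:
        return bytes([0x81, n])
    return bytes([0x82, n >> 8, n & 0xFF])

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def uncompressed_point(x: bytes, y: bytes) -> bytes:
    """SEC1 uncompressed encoding 04 || X || Y; X and Y must be equal length."""
    if len(x) != len(y):
        raise ValueError("x and y must have the same length")
    return b"\x04" + x + y

def field_bits_from_point(point: bytes) -> int:
    """Curve size in bits: each coordinate is (len - 1) / 2 bytes, so 97 -> 384."""
    if not point or point[0] != 0x04 or (len(point) - 1) % 2:
        raise ValueError("not an uncompressed point")
    return (len(point) - 1) // 2 * 8

# PIV algorithm identifiers (SP 800-78-4): 0x11 = ECC P-256, 0x14 = ECC P-384.
ALG_BY_BITS = {256: 0x11, 384: 0x14}
KEY_MANAGEMENT_KEY = 0x9D

def ecdh_general_authenticate(point: bytes) -> bytes:
    """Dynamic authentication template: empty 82 (response) and 85 (exponentiation)."""
    alg = ALG_BY_BITS[field_bits_from_point(point)]
    dyn_auth = tlv(0x7C, tlv(0x82, b"") + tlv(0x85, point))
    if len(dyn_auth) > 255:
        raise ValueError("too long for a short-length Lc")
    return bytes([0x00, 0x87, alg, KEY_MANAGEMENT_KEY, len(dyn_auth)]) + dyn_auth

STATUS_WORDS = {b"\x90\x00": "OK", b"\x69\x82": "Security status not satisfied"}

def describe_sw(response: bytes) -> str:
    return STATUS_WORDS.get(response[-2:], "SW %02X %02X" % tuple(response[-2:]))

if __name__ == "__main__":
    x, y = bytes(range(1, 49)), bytes(range(49, 97))   # constructed 48-byte placeholders
    apdu = ecdh_general_authenticate(uncompressed_point(x, y))
    print(" ".join("%02X" % b for b in apdu[:11]))     # 00 87 14 9D 67 7C 65 82 00 85 61
    print(describe_sw(b"\x69\x82"))
```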

------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: Derive key with opensc

Douglas E Engert


On 11/10/2015 6:10 AM, klc klc wrote:
> Hi,
>
> I tried to derive key with opensc v14.0 pkcs11-tool on PIV card.
>
> First I generated ec key with openssl using these commands:
>
>   * openssl ecparam -in secp384r1param.pem -genkey -noout -out secp384r1key.pem
>   * openssl ec -in secp384r1key.pem -out secp384r1key.der -pubout -outform der

I think that is OK. An openssl asn1parse of the secp384r1key.der would help.

>   * pkcs11-tool.exe --module opensc-pkcs11.dll --derive -l -pin #### -id 03 -i secp384r1key.der

Single-letter options have a single -.
Multiple-letter options have --.
-pin should be --pin
-id should be --id or -d

You also need -m ECDH1-COFACTOR-DERIVE

Or leave the pin out and let it prompt for the pin.
This may be the problem of Cannot open n: m



Can you use OpenSC-0.15.0 or the source from git?

I have used two PIV cards A and B to demonstrate that the same secret material can be returned
by OpenSC when card A is given card B's public key and card B is given card A's public key.
The public key is really the SPKI from the certificate.

I will post a test script after this.

>
> This gave me error:
>
>   * Cannot open n: m
>
> Which basically says that it can't open the file. [origin: pkcs11-tool->derive_key()->BIO_read_filename(bio_in, opt_input)]


>
> I tried with pem format & it gave me error: Cannot read EC key from secp384r1.pem
>
> My question is
>
>   * whether the format in which I am passing key to opensc is right?
>   * Is there anything else I am missing to provide as an input to tool?
>   * Is my operation correct?
>
> Basically I am trying to write my own application with help of OpenSC implementation to derive a key. Following is the overview of the process I am trying to implement:
>
>   * Application will receive x & y coordinate for EC public key.
>   * Calculated EC key length with help of getEC_POINT() (modified received length as (length - 3) * 8 to adjust to EC key size (in this case 384 bits, I receive 51)).

Not sure if this is correct. Is 51 decimal or hex?

>   * Generated eckey according to key length with EC_KEY_new by_curve_name(NID_secp384r1) function.
>   * Then called function EC_KEY_generate_key(eckey) function
>   * ecgroup = EC_KEY_get0_group(eckey)
>   * pub = EC_POINT_new(ecgroup)
>   * Converted coordinates to big number with BN_bin2bn() function.
>   * Computed octet string with EC_POINT_point2oct(ecgroup, pub, POINT_CONVERSION_UNCOMPRESSED, str_buf, str_buf_len, NULL). [Please note till this point execution goes successfully & I receive octet
>     string].
>   * Then according to opensc derive_key() function I coded new key template & ECDH parameters. I tried both mechanisms: CKM_ECDH1_COFACTOR_DERIVE, CKM_ECDH1_DERIVE
>   * Till this point everything goes smoothly.
>   * When call to C_DeriveKey() is made I get error as "/Security status not satisfied/" (Login is performed right before derive operation).
>   * Transmitted APDU conforms to the NIST specification: 00 87 14 9D 67 7C 65 82 00 85 61 04 X-coordinate Y-coordinate (48 bytes each).

That sounds correct.

>   * Received APDU is 69 82.

Do you have an opensc-debug.log showing the verify and derive APDUs and responses?

>
> Also the private key field_length parameter in opensc is set to half of the EC key size. I get 192 bits for 384 bits EC key. Is this right? Is there any other function to retrieve actual value of EC
> key; as now I am modifying received value to drive successful execution (source: pkcs15-sec.c)
>
> I tried to find help on this but to no avail. Can you please guide me on what might be the issue.
>
> PS: I generated EC keys through Charismathics security token configurator & performing derive operation with key Management key.
>
> Thanks,
> K

--

  Douglas E. Engert  <[hidden email]>



Re: Derive key with opensc

Douglas E Engert
You may also want to look at NIST 800-56A
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf

"6 Key Agreement"

In effect a PIV card has a static key pair.
OpenSC derive is just enough to use the key from the card and ECC CDH.


http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf
"A.5.2.1 ECDH with the PIV KMK"


--

  Douglas E. Engert  <[hidden email]>

