EstEID decipher problem

EstEID decipher problem

Leho Kraav
Hi


Scenario:

25.07.08 1:13:22 com.apple.SecurityServer[37] ccid_usb.c:405:OpenUSBByName() Found Vendor/Product: 076B/1021 (OmniKey CardMan 1021)
25.07.08 1:13:22 com.apple.SecurityServer[37] ccid_usb.c:407:OpenUSBByName() Using USB bus/device: 005/002-076b-1021-00-00
25.07.08 1:13:30 com.apple.SecurityServer[37] reader OmniKey CardMan 1021 00 00 inserted token "ID-kaart" (NO UID) subservice 31 using driver com.apple.tokend.opensc

Let's make a nice 77 byte uuencoded random key -

$ head -c 256 /dev/random | uuencode -m - | head -n 2 | tail -n 1 > omnibook.key
$ ls -l omnibook.key
-rw-r--r--  1 lkraav  staff  77 25 juuli 01:28 omnibook.key

That's cool, let's encrypt it with my public key inside my EstEID
certificate, which I pkcs15-tool'd out of my card before.

$ openssl rsautl -encrypt -inkey public.pem -certin -in omnibook.key -out omnibook.ssl -pkcs
$ ls -l omnibook.ssl
-rw-r--r--  1 lkraav  staff  128 25 juuli 01:28 omnibook.ssl

I have a nice decryption capable private key on the card.

$ /Library/OpenSC/bin/pkcs15-tool -k
Private RSA Key [Isikutuvastus]
    Com. Flags  : 1
    Usage       : [0x3F], encrypt, decrypt, sign, signRecover, wrap, unwrap
    Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    ModLength   : 1024
    Key ref     : 1
    Native      : yes
    Path        :
    Auth ID     : 01
    ID          : 01

So I should be able to now decrypt this with my fancy EstEID smartcard,
right - this is what I get:

$ /Library/OpenSC/bin/pkcs15-crypt -c -k 1 --pkcs1 -i omnibook.ssl -o omnibook.key2
Enter PIN [PIN1, Isikutuvastus]:
[pkcs15-crypt] iso7816.c:99:iso7816_check_sw: Record not found
[pkcs15-crypt] iso7816.c:155:iso7816_read_record: returning with: Record not found
[pkcs15-crypt] card.c:601:sc_read_record: returning with: Record not found
[pkcs15-crypt] iso7816.c:99:iso7816_check_sw: Record not found
[pkcs15-crypt] iso7816.c:155:iso7816_read_record: returning with: Record not found
[pkcs15-crypt] card.c:601:sc_read_record: returning with: Record not found
[pkcs15-crypt] apdu.c:341:sc_check_apdu: Invalid Case 4 short APDU:
cse=04 cla=00 ins=2a p1=80 p2=86 lc=129 le=1024
resp=0xbffff004 resplen=1024 data=0x3078f0 datalen=129
[pkcs15-crypt] card-mcrd.c:1319:mcrd_decipher: APDU transmit failed: Invalid arguments
[pkcs15-crypt] sec.c:39:sc_decipher: returning with: Invalid arguments
[pkcs15-crypt] pkcs15-sec.c:125:sc_pkcs15_decipher: sc_decipher() failed: Invalid arguments
Decrypt failed: Invalid arguments

So who's stupid here? EstEID smartcard, OpenSC, Card Reader, OS X, me,
who? What am I missing?
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
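
The sc_check_apdu lines in the log above report lc=129 and le=1024 for a Case 4 short APDU, while ISO 7816-4 limits a short APDU to Lc 1..255 and Le 1..256. The following is an added example, not part of the original post and not OpenSC's code, that checks the logged parameters against those limits; the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical struct for this example; field names follow the log line. */
struct apdu_params {
    int cse;                 /* APDU case (1-4) */
    size_t lc, le;           /* command data length, expected response length */
    size_t datalen, resplen; /* caller's data and response buffer sizes */
};

/* Returns NULL if the parameters fit a Case 4 short APDU, else the reason. */
const char *check_case4_short(const struct apdu_params *a)
{
    if (a->cse != 4)
        return "not a Case 4 APDU";
    if (a->lc == 0 || a->lc > 255)
        return "Lc outside 1..255";
    if (a->datalen != a->lc)
        return "data length does not match Lc";
    if (a->le == 0 || a->le > 256)
        return "Le outside 1..256";
    if (a->resplen < a->le)
        return "response buffer smaller than Le";
    return NULL;
}

int main(void)
{
    /* Values copied from the sc_check_apdu lines in the log above. */
    struct apdu_params logged = { 4, 129, 1024, 129, 1024 };
    /* Constructed variant: same command, Le capped at the short-APDU maximum. */
    struct apdu_params capped = { 4, 129, 256, 129, 1024 };
    const char *r;

    r = check_case4_short(&logged);
    printf("logged: %s\n", r ? r : "ok");
    r = check_case4_short(&capped);
    printf("capped: %s\n", r ? r : "ok");
    return 0;
}
```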

Re: EstEID decipher problem

dvas0004
This post has NOT been accepted by the mailing list yet.
Hi,

I had the exact same problem; it turns out it was OpenSC and required building the latest version from source. I posted full troubleshooting details in a blog post here:

http://blog.davidvassallo.me/2016/03/23/common-operations-using-estonian-eid-linux/

Hope that helps... better late than never I guess

Rgds
Dave