Failed to sign with an IAS_ECC card

forje
Hi all,

I am new to this kind of application and I am trying to generate a signature with a Gemalto IAS_ECC card and the pkcs15-crypt command line tool (opensc v0.2.12).

The command fails saying that the specified key is not allowed to sign.

Here is the command I execute:
pkcs15-crypt --aid 4543432047656E6572696320504B49 -k __key_id__ --sign --pkcs1 --sha-1 --input data_to_sign --output signature

Here is an extract of the generated trace that I think is relevant:

09:36:31.995 [pkcs15-crypt] reader-pcsc.c:176:pcsc_internal_transmit: called
09:36:32.002 [pkcs15-crypt] apdu.c:184:sc_apdu_log:
Incoming APDU data [   27 bytes] =====================================
70 17 BF 90 01 13 A0 11 9E 01 00 80 02 00 80 A1 p...............
08 8C 06 BB 13 13 13 13 00 90 00                ...........
======================================================================
09:36:32.003 [pkcs15-crypt] card.c:330:sc_unlock: called
09:36:32.003 [pkcs15-crypt] card.c:330:sc_unlock: called
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:701:iasecc_sdo_parse: called
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:709:iasecc_sdo_parse: IASECC_SDO_TEMPLATE: size 23, size_size 1
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:727:iasecc_sdo_parse: sz 19, sz_size 1
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:623:iasecc_sdo_parse_data: called
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:624:iasecc_sdo_parse_data: iasecc_sdo_parse_data() class 10; ref 1
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0xA0
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0xA0
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 19 bytes
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:629:iasecc_sdo_parse_data: iasecc_sdo_parse_data() tlv.tag 0xA0
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:631:iasecc_sdo_parse_data: iasecc_sdo_parse_data() parse IASECC_DOCP_TAG: 0xA0; size 17
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:561:iasecc_parse_docp: called
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0x9E
09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0x9E
09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 3 bytes
09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 3; tag 9E; size 1
09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0x80
09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0x80
09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 4 bytes
09:36:32.005 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 4; tag 80; size 2
09:36:32.005 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0xA1
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0xA1
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 10 bytes
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 10; tag A1; size 8
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:561:iasecc_parse_docp: called
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0x8C
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0x8C
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 8 bytes
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 8; tag 8C; size 6
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:64:iasecc_parse_acls: iasecc_parse_docp() SCBs FF:13:13:13:FF:13:00
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:65:iasecc_parse_acls: returning with: 0 (Success)
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:612:iasecc_parse_docp: returning with: 0 (Success)
09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:64:iasecc_parse_acls: iasecc_parse_docp() SCBs FF:13:13:13:FF:13:00
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:65:iasecc_parse_acls: returning with: 0 (Success)
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:612:iasecc_parse_docp: returning with: 0 (Success)
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:633:iasecc_sdo_parse_data: iasecc_sdo_parse_data() parsed IASECC_DOCP_TAG rv 0
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:740:iasecc_sdo_parse: docp.acls_contact.size 6, docp.size.size 2
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:742:iasecc_sdo_parse: returning with: 0 (Success)
09:36:32.008 [pkcs15-crypt] card-iasecc.c:2523:iasecc_sdo_get_tagged_data: returning with: 0 (Success)
09:36:32.008 [pkcs15-crypt] card-iasecc.c:2545:iasecc_sdo_get_data: returning with: 0 (Success)
09:36:32.008 [pkcs15-crypt] card-iasecc.c:1412:iasecc_set_security_env: prv->key_size 0x80
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:89:iasecc_sdo_convert_acl: called
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:100:iasecc_sdo_convert_acl: OP:11, mask:0x40
09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:101:iasecc_sdo_convert_acl: AMB:BB, scbs:FF131313FF1300
09:36:32.016 [pkcs15-crypt] iasecc-sdo.c:102:iasecc_sdo_convert_acl: docp.acls_contact:BB1313131300
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:138:iasecc_sdo_convert_acl: returns method FFFFFFFF; ref FFFFFFFF
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:139:iasecc_sdo_convert_acl: returning with: 0 (Success)
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:89:iasecc_sdo_convert_acl: called
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:100:iasecc_sdo_convert_acl: OP:15, mask:0x20
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:101:iasecc_sdo_convert_acl: AMB:BB, scbs:FF131313FF1300
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:102:iasecc_sdo_convert_acl: docp.acls_contact:BB1313131300
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:117:iasecc_sdo_convert_acl: ii:1, scb:0x13
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:138:iasecc_sdo_convert_acl: returns method 20; ref 3
09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:139:iasecc_sdo_convert_acl: returning with: 0 (Success)
09:36:32.017 [pkcs15-crypt] card-iasecc.c:1431:iasecc_set_security_env: PSO_DST not allowed for this key: -1408 (Not supported)
09:36:32.017 [pkcs15-crypt] sec.c:70:sc_set_security_env: returning with: -1408 (Not supported)
09:36:32.017 [pkcs15-crypt] card.c:330:sc_unlock: called
09:36:32.017 [pkcs15-crypt] pkcs15-sec.c:370:sc_pkcs15_compute_signature: sc_set_security_env() failed: -1408 (Not supported)
Compute signature failed: Not supported

My question is: does it mean that my card is really unable to sign, or is it my mistake?

Btw, the specified key id is shown as able to sign by the following command:
pkcs15-tool --aid E828BD080FD25047656E65726963 -k -c -v

Thanks for your help.
--
Forje
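
Added example (not part of the original post and not OpenSC's own code): Python that parses the response APDU from the trace, expands the access mode byte (AMB) 0xBB into the seven SCB slots the trace logs as FF:13:13:13:FF:13:00, and reads the slots for the two OP/mask pairs in the trace. The function names are made up for this example, and the slot layout (masks 0x40 down to 0x01, FF where the AMB bit is clear) is an assumption inferred from the logged values.

```python
# Added example; names are illustrative. Input constructed from the trace's APDU dump.
RESPONSE = bytes.fromhex("70 17 BF 90 01 13 A0 11 9E 01 00 80 02 00 80 A1"
                         "08 8C 06 BB 13 13 13 13 00 90 00")

def parse_tlv(buf):
    """Yield (tag, value, constructed) for each BER-TLV object in buf."""
    i = 0
    while i < len(buf):
        start, i = i, i + 1
        if buf[start] & 0x1F == 0x1F:      # multi-byte tag such as BF 90 01
            while buf[i] & 0x80:
                i += 1
            i += 1
        tag = int.from_bytes(buf[start:i], "big")
        length, i = buf[i], i + 1
        if length & 0x80:                  # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated TLV")
        yield tag, buf[i:i + length], bool(buf[start] & 0x20)
        i += length

def find(buf, wanted):
    """Depth-first search; returns the first value with the wanted tag, or None."""
    for tag, value, constructed in parse_tlv(buf):
        if tag == wanted:
            return value
        if constructed and (hit := find(value, wanted)) is not None:
            return hit

def expand_acl(acl):
    """AMB byte + compact SCB list -> 7 slots for masks 0x40..0x01 (FF if bit clear)."""
    amb, scbs = acl[0], iter(acl[1:])
    return bytes(next(scbs) if amb & (0x40 >> i) else 0xFF for i in range(7))

def scb_for(acl, mask):
    """Return the SCB in the slot selected by a single-bit operation mask."""
    return expand_acl(acl)[7 - mask.bit_length()]

def describe(scb):
    fixed = {0xFF: "never", 0x00: "always"}
    return fixed.get(scb, f"condition 0x{scb & 0xF0:02X}, reference {scb & 0x0F}")

ACL = find(RESPONSE[:-2], 0x8C)            # strip status word 90 00
if __name__ == "__main__":
    print("SCBs:", expand_acl(ACL).hex(":").upper())
    for op, mask in ((11, 0x40), (15, 0x20)):   # OP/mask pairs logged in the trace
        print(f"OP:{op} mask 0x{mask:02X} ->", describe(scb_for(ACL, mask)))
```

The 0x40 slot holds FF, which lines up with the `method FFFFFFFF; ref FFFFFFFF` result logged for OP:11; the 0x20 slot holds 0x13, which lines up with `ii:1, scb:0x13` and `ref 3` logged for OP:15.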