Failed to sign with an IAS_ECC card

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Failed to sign with an IAS_ECC card

forje
Hi all, I am new to this kind of application and I am trying to generate a signature with a Gemalto IAS_ECC card and the pkcs15-crypt command line tool (opensc v0.2.12). The command fails saying that the specified key is not allowed to sign. Here is the command I use: pkcs15-crypt --aid 4543432047656E6572696320504B49 -k __key_id__--sign --pkcs1 --sha-1 --input data_to_sign --output signature Here an extract of the trace that I think relevant: 09:36:31.995 [pkcs15-crypt] reader-pcsc.c:176:pcsc_internal_transmit: called 09:36:32.002 [pkcs15-crypt] apdu.c:184:sc_apdu_log: Incoming APDU data [ 27 bytes] ===================================== 70 17 BF 90 01 13 A0 11 9E 01 00 80 02 00 80 A1 p............... 08 8C 06 BB 13 13 13 13 00 90 00 ........... ====================================================================== 09:36:32.003 [pkcs15-crypt] card.c:330:sc_unlock: called 09:36:32.003 [pkcs15-crypt] card.c:330:sc_unlock: called 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:701:iasecc_sdo_parse: called 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:709:iasecc_sdo_parse: IASECC_SDO_TEMPLATE: size 23, size_size 1 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:727:iasecc_sdo_parse: sz 19, sz_size 1 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:623:iasecc_sdo_parse_data: called 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:624:iasecc_sdo_parse_data: iasecc_sdo_parse_data() class 10; ref 1 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0xA0 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0xA0 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 19 bytes 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:629:iasecc_sdo_parse_data: iasecc_sdo_parse_data() tlv.tag 0xA0 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:631:iasecc_sdo_parse_data: iasecc_sdo_parse_data() parse IASECC_DOCP_TAG: 0xA0; size 17 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:561:iasecc_parse_docp: called 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0x9E 09:36:32.003 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0x9E 09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 3 bytes 09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 3; tag 9E; size 1 09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0x80 09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0x80 09:36:32.004 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 4 bytes 09:36:32.005 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 4; tag 80; size 2 09:36:32.005 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0xA1 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0xA1 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 10 bytes 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 10; tag A1; size 8 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:561:iasecc_parse_docp: called 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:404:iasecc_parse_get_tlv: iasecc_parse_get_tlv() called for tag 0x8C 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:414:iasecc_parse_get_tlv: iasecc_parse_get_tlv() tlv->tag 0x8C 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:425:iasecc_parse_get_tlv: iasecc_parse_get_tlv() parsed 8 bytes 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:568:iasecc_parse_docp: iasecc_parse_docp() parse_get_tlv retuned 8; tag 8C; size 6 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:64:iasecc_parse_acls: iasecc_parse_docp() SCBs FF:13:13:13:FF:13:00 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:65:iasecc_parse_acls: returning with: 0 (Success) 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:612:iasecc_parse_docp: returning with: 0 (Success) 09:36:32.007 [pkcs15-crypt] iasecc-sdo.c:64:iasecc_parse_acls: iasecc_parse_docp() SCBs FF:13:13:13:FF:13:00 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:65:iasecc_parse_acls: returning with: 0 (Success) 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:612:iasecc_parse_docp: returning with: 0 (Success) 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:633:iasecc_sdo_parse_data: iasecc_sdo_parse_data() parsed IASECC_DOCP_TAG rv 0 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:740:iasecc_sdo_parse: docp.acls_contact.size 6, docp.size.size 2 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:742:iasecc_sdo_parse: returning with: 0 (Success) 09:36:32.008 [pkcs15-crypt] card-iasecc.c:2523:iasecc_sdo_get_tagged_data: returning with: 0 (Success) 09:36:32.008 [pkcs15-crypt] card-iasecc.c:2545:iasecc_sdo_get_data: returning with: 0 (Success) 09:36:32.008 [pkcs15-crypt] card-iasecc.c:1412:iasecc_set_security_env: prv->key_size 0x80 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:89:iasecc_sdo_convert_acl: called 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:100:iasecc_sdo_convert_acl: OP:11, mask:0x40 09:36:32.008 [pkcs15-crypt] iasecc-sdo.c:101:iasecc_sdo_convert_acl: AMB:BB, scbs:FF131313FF1300 09:36:32.016 [pkcs15-crypt] iasecc-sdo.c:102:iasecc_sdo_convert_acl: docp.acls_contact:BB1313131300 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:138:iasecc_sdo_convert_acl: returns method FFFFFFFF; ref FFFFFFFF 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:139:iasecc_sdo_convert_acl: returning with: 0 (Success) 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:89:iasecc_sdo_convert_acl: called 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:100:iasecc_sdo_convert_acl: OP:15, mask:0x20 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:101:iasecc_sdo_convert_acl: AMB:BB, scbs:FF131313FF1300 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:102:iasecc_sdo_convert_acl: docp.acls_contact:BB1313131300 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:117:iasecc_sdo_convert_acl: ii:1, scb:0x13 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:138:iasecc_sdo_convert_acl: returns method 20; ref 3 09:36:32.017 [pkcs15-crypt] iasecc-sdo.c:139:iasecc_sdo_convert_acl: returning with: 0 (Success) 09:36:32.017 [pkcs15-crypt] card-iasecc.c:1431:iasecc_set_security_env: PSO_DST not allowed for this key: -1408 (Not supported) 09:36:32.017 [pkcs15-crypt] sec.c:70:sc_set_security_env: returning with: -1408 (Not supported) 09:36:32.017 [pkcs15-crypt] card.c:330:sc_unlock: called 09:36:32.017 [pkcs15-crypt] pkcs15-sec.c:370:sc_pkcs15_compute_signature: sc_set_security_env() failed: -1408 (Not supported) Compute signature failed: Not supported My question is: does it mean that my card is really enable to sign or is it my mistake? Btw, the specified key id is shown as able to sign the following command: pkcs15-tool --aid E828BD080FD25047656E65726963 -k -c -v Thanks for your help. -- Forje