Problem in deciphering with pkcs15-crypt

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem in deciphering with pkcs15-crypt

Felipe Blauth
Hello,

I'm having a problem to decipher something  with opensc.

I've ciphered  a file with openssl and a public key generated by openssl also. Then, with opensc 0.11.4, I've stored the private key related to that public key in a smart card. All this in a freeBSD 7.0 enviroment. If I try to dechiper the file with:

pkcs15-crypt -c -k <key-label> -p <pin> --pkcs1 -i ciphered-File -o deciphered.deciphered

And everything goes well..


Then I moved the same file to a FreeBSD 8.0 enviroment running opensc 0.11.9 and, with the same command, I've received

[pkcs15-crypt] sec.c:67:sc_set_security_env: returning with: 0                                                                                                      
[pkcs15-crypt] sec.c:35:sc_decipher: called                                                                                                                         
[pkcs15-crypt] iso7816.c:806:iso7816_decipher: called                                                                                                               
[pkcs15-crypt] card-starcos.c:1258:starcos_check_sw: security enviroment invalid                                                                                    
[pkcs15-crypt] iso7816.c:836:iso7816_decipher: returning with: Card command failed                                                                                  
[pkcs15-crypt] sec.c:39:sc_decipher: returning with: Card command failed                                                                                            
[pkcs15-crypt] pkcs15-sec.c:125:sc_pkcs15_decipher: sc_decipher() failed: Card command failed                                                                       
Decrypt failed: Card command failed                        

I don't know if it is a the freeBSD problem or anything else. I also tryed to dechiper in in my ubuntu 10.04 with opensc 0.11.13 and worked too.

Any help apreciated.

 

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Problem in deciphering with pkcs15-crypt

Ludovic Rousseau
2010/8/16 Felipe Blauth <[hidden email]>:
> Hello,

Hello,

> I'm having a problem to decipher something  with opensc.
>
> I've ciphered  a file with openssl and a public key generated by openssl
> also. Then, with opensc 0.11.4, I've stored the private key related to that
> public key in a smart card. All this in a freeBSD 7.0 enviroment. If I try
> to dechiper the file with:
>
> pkcs15-crypt -c -k <key-label> -p <pin> --pkcs1 -i ciphered-File -o
> deciphered.deciphered
>
> And everything goes well..
>
>
> Then I moved the same file to a FreeBSD 8.0 enviroment running opensc 0.11.9
> and, with the same command, I've received
>
> [pkcs15-crypt] sec.c:67:sc_set_security_env: returning with:
> 0
> [pkcs15-crypt] sec.c:35:sc_decipher:
> called
> [pkcs15-crypt] iso7816.c:806:iso7816_decipher:
> called
> [pkcs15-crypt] card-starcos.c:1258:starcos_check_sw: security enviroment
> invalid
> [pkcs15-crypt] iso7816.c:836:iso7816_decipher: returning with: Card command
> failed
> [pkcs15-crypt] sec.c:39:sc_decipher: returning with: Card command
> failed
> [pkcs15-crypt] pkcs15-sec.c:125:sc_pkcs15_decipher: sc_decipher() failed:
> Card command
> failed
> Decrypt failed: Card command failed
>
> I don't know if it is a the freeBSD problem or anything else. I also tryed
> to dechiper in in my ubuntu 10.04 with opensc 0.11.13 and worked too.

What card reader are your using?
What card driver are you using?
Regenerate a trace with debug/verbosity set to level 9 (ie -vvvvvvvvv)
Include the complete trace, not just the few last lines

Bye

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Problem in deciphering with pkcs15-crypt

Ludovic Rousseau
2010/8/18 Felipe Blauth <[hidden email]>:
> Hello,
> I'm using a  Gemplus GemPC Twin 00 00 reader,  pcscd as deamon and the
> generic ccid driver for the reader. I've initialized the card with
> pkcs15-init --create-pkcs15 and I've stored the private key with pkcs15-init
> --store-private-key.
>
> Here it goes the full output:

This log does not contain the errors you listed in your first mail.
It does not even contain the "iso7816_decipher: called" line.

Please try again :-)

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Problem in deciphering with pkcs15-crypt

Felipe Blauth
Crap, the log is too long, and got cut..

In order to show the entire log, I've put the log in a file here.

And in a google document here

Don't mind about my 123456 password =-p, I have a bunch of test cards wich I can erase, hehe.



2010/8/18 Ludovic Rousseau <[hidden email]>
2010/8/18 Felipe Blauth <[hidden email]>:
> Hello,
> I'm using a  Gemplus GemPC Twin 00 00 reader,  pcscd as deamon and the
> generic ccid driver for the reader. I've initialized the card with
> pkcs15-init --create-pkcs15 and I've stored the private key with pkcs15-init
> --store-private-key.
>
> Here it goes the full output:

This log does not contain the errors you listed in your first mail.
It does not even contain the "iso7816_decipher: called" line.

Please try again :-)

--
 Dr. Ludovic Rousseau


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Problem in deciphering with pkcs15-crypt

Martin Paljak-2
Hello,

First and foremost, try a recent snapshot [1] or SVN version if possible.

The set security environment command seems to execute  OK in your log.
The only possible way to know why it fails for one version but works for the other is to compare two logs side by side. Please provide a working log and a failing log, crated by the exact same commands.
Quick comparison of 0.11.4 vs 0.11.9 does not reveal much.

[1] http://www.opensc-project.org/files/opensc/snapshots/
On Aug 18, 2010, at 11:53 PM, Felipe Blauth wrote:

> Crap, the log is too long, and got cut..
>
> In order to show the entire log, I've put the log in a file here.
>
> And in a google document here
>
> Don't mind about my 123456 password =-p, I have a bunch of test cards wich I can erase, hehe.
>
>
>
> 2010/8/18 Ludovic Rousseau <[hidden email]>
> 2010/8/18 Felipe Blauth <[hidden email]>:
> > Hello,
> > I'm using a  Gemplus GemPC Twin 00 00 reader,  pcscd as deamon and the
> > generic ccid driver for the reader. I've initialized the card with
> > pkcs15-init --create-pkcs15 and I've stored the private key with pkcs15-init
> > --store-private-key.
> >
> > Here it goes the full output:
>
> This log does not contain the errors you listed in your first mail.
> It does not even contain the "iso7816_decipher: called" line.
>
> Please try again :-)
>
> --
>  Dr. Ludovic Rousseau
>
> _______________________________________________
> opensc-user mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-user

--
Martin Paljak
@martinpaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Problem in deciphering with pkcs15-crypt

Felipe Blauth
Hello,

First and foremost, try a recent snapshot [1] or SVN version if possible.

For now I can't change the version of OpenSC, so I'm trying to find a solution in this environment. Only in the last case I'll change the version.
 

The set security environment command seems to execute  OK in your log.
The only possible way to know why it fails for one version but works for the other is to compare two logs side by side. Please provide a working log and a failing log, crated by the exact same commands.
Quick comparison of 0.11.4 vs 0.11.9 does not reveal much.

The working log, running in a freeBSD 7.0, with OpenSC 0.11.4 is here or, in a google document, here.
 
The failed log running in a freeBSD 8.0, with OpenSC 0.11.9 can be found in the same folder here, or in a google document here

Regards


[1] http://www.opensc-project.org/files/opensc/snapshots/
On Aug 18, 2010, at 11:53 PM, Felipe Blauth wrote:

> Crap, the log is too long, and got cut..
>
> In order to show the entire log, I've put the log in a file here.
>
> And in a google document here
>
> Don't mind about my 123456 password =-p, I have a bunch of test cards wich I can erase, hehe.
>
>
>
> 2010/8/18 Ludovic Rousseau <[hidden email]>
> 2010/8/18 Felipe Blauth <[hidden email]>:
> > Hello,
> > I'm using a  Gemplus GemPC Twin 00 00 reader,  pcscd as deamon and the
> > generic ccid driver for the reader. I've initialized the card with
> > pkcs15-init --create-pkcs15 and I've stored the private key with pkcs15-init
> > --store-private-key.
> >
> > Here it goes the full output:
>
> This log does not contain the errors you listed in your first mail.
> It does not even contain the "iso7816_decipher: called" line.
>
> Please try again :-)
>
> --
>  Dr. Ludovic Rousseau
>
> _______________________________________________
> opensc-user mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-user

--
Martin Paljak
@martinpaljak.net
+3725156495



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Problem in deciphering with pkcs15-crypt

Felipe Blauth
Solved the problem by upgrading from version 0.11.9 to 0.11.13  of OpenSC and from version 8.0 to 8.1 of FreeBSD.

The same file got decrypted with the same card successful in the new environment.

What exactly was going wrong I don't know, but if someone stuck on the same problems this is a workaround.

Regards.



2010/8/27 Felipe Blauth <[hidden email]>
Hello,

First and foremost, try a recent snapshot [1] or SVN version if possible.

For now I can't change the version of OpenSC, so I'm trying to find a solution in this environment. Only in the last case I'll change the version.
 

The set security environment command seems to execute  OK in your log.
The only possible way to know why it fails for one version but works for the other is to compare two logs side by side. Please provide a working log and a failing log, crated by the exact same commands.
Quick comparison of 0.11.4 vs 0.11.9 does not reveal much.

The working log, running in a freeBSD 7.0, with OpenSC 0.11.4 is here or, in a google document, here.
 
The failed log running in a freeBSD 8.0, with OpenSC 0.11.9 can be found in the same folder here, or in a google document here

Regards


[1] http://www.opensc-project.org/files/opensc/snapshots/
On Aug 18, 2010, at 11:53 PM, Felipe Blauth wrote:

> Crap, the log is too long, and got cut..
>
> In order to show the entire log, I've put the log in a file here.
>
> And in a google document here
>
> Don't mind about my 123456 password =-p, I have a bunch of test cards wich I can erase, hehe.
>
>
>
> 2010/8/18 Ludovic Rousseau <[hidden email]>
> 2010/8/18 Felipe Blauth <[hidden email]>:
> > Hello,
> > I'm using a  Gemplus GemPC Twin 00 00 reader,  pcscd as deamon and the
> > generic ccid driver for the reader. I've initialized the card with
> > pkcs15-init --create-pkcs15 and I've stored the private key with pkcs15-init
> > --store-private-key.
> >
> > Here it goes the full output:
>
> This log does not contain the errors you listed in your first mail.
> It does not even contain the "iso7816_decipher: called" line.
>
> Please try again :-)
>
> --
>  Dr. Ludovic Rousseau
>
> _______________________________________________
> opensc-user mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-user

--
Martin Paljak
@martinpaljak.net
+3725156495




_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user