missing key usage of pubkey

Cornelius Kölbel-2
Hi,

I am doing some tests with the nitrokey (smartcard-hsm) on Ubuntu 14.04.
It comes with 0.13.0-3ubuntu4.1.

So you may simply tell me to get a newer version ;-)

Now, when I generate a key pair everything looks fine.
The key usage of the pubkey is marked as _encrypt_.

But when I run -l -O the public key has no attributes!


(venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
(git)-[pkcs11] % pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 11
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
  label:      Private Key
  ID:         11
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         11
  Usage:      encrypt, verify, wrap
(venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
(git)-[pkcs11] % pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l -O
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Private Key Object; RSA
  label:      Private Key
  ID:         11
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         11
  Usage:      none

Also when I look at the object all key usage attribs are set to false:

[CKA_ALWAYS_SENSITIVE: True
CKA_CLASS: CKO_PUBLIC_KEY
CKA_DECRYPT: False
CKA_DERIVE: False
CKA_ENCRYPT: False
CKA_EXTRACTABLE: (0L,)
CKA_ID: (17L,)
CKA_KEY_GEN_MECHANISM: -1
CKA_KEY_TYPE: CKK_RSA
CKA_LABEL: Private Key
CKA_LOCAL: True
CKA_MODIFIABLE: False

When I try to encrypt with the key handle on key x11 I get
CKR_FUNCTION_NOT_SUPPORTED.

So it looks like the attributes of the pubkey are not persisted.

Am I missing something?

Thanks a lot and kind regards
Cornelius

 

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
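
Added example (not part of the original thread and not OpenSC code): a small Python check that parses pkcs11-tool output in the format quoted in the post above and reports key usage flags that were shown at generation time but are gone in the later "-l -O" listing. The function names are hypothetical, and the sample input is constructed from the output in the post with the prompt and PIN lines removed.

```python
import re

# Constructed sample input, taken from the output quoted in the post
# (shell prompt, login and PIN lines removed).
KEYGEN_OUTPUT = """\
Key pair generated:
Private Key Object; RSA
  label:      Private Key
  ID:         11
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         11
  Usage:      encrypt, verify, wrap
"""

LISTING_OUTPUT = """\
Using slot 1 with a present token (0x1)
Private Key Object; RSA
  label:      Private Key
  ID:         11
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         11
  Usage:      none
"""

# Only key objects are tracked; other object types are skipped.
HEADER = re.compile(r"^(Private Key|Public Key) Object;")
# Indented "name: value" attribute lines that follow an object header.
FIELD = re.compile(r"^\s+(\w[\w ]*?):\s*(.*)$")


def parse_usage(value):
    """Turn 'encrypt, verify, wrap' into a set; 'none' becomes the empty set."""
    flags = {f.strip().lower() for f in value.split(",") if f.strip()}
    flags.discard("none")
    return flags


def parse_objects(text):
    """Return {(kind, id): usage_set} for the key objects found in the output.

    IDs are kept as the hex strings pkcs11-tool prints (e.g. '11').
    """
    objs, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1).lower(), "id": None, "usage": set()}
            objs.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            name, value = field.group(1).strip().lower(), field.group(2).strip()
            if name == "id":
                current["id"] = value.lower()
            elif name == "usage":
                current["usage"] = parse_usage(value)
        elif not line.startswith((" ", "\t")):
            current = None  # any other unindented line ends the current object
    return {(o["kind"], o["id"]): o["usage"] for o in objs if o["id"] is not None}


def lost_usage(keygen_text, listing_text):
    """Compare generation output with a later listing.

    Returns {(kind, id): sorted list of flags that disappeared}; the value is
    None when the object does not appear in the listing at all.
    """
    generated = parse_objects(keygen_text)
    listed = parse_objects(listing_text)
    findings = {}
    for key, expected in generated.items():
        if key not in listed:
            findings[key] = None
            continue
        missing = expected - listed[key]
        if missing:
            findings[key] = sorted(missing)
    return findings


def public_keys_without_usage(listing_text):
    """IDs of public key objects whose listing shows no usage flags."""
    return sorted(
        obj_id
        for (kind, obj_id), usage in parse_objects(listing_text).items()
        if kind == "public key" and not usage
    )


if __name__ == "__main__":
    for (kind, obj_id), flags in lost_usage(KEYGEN_OUTPUT, LISTING_OUTPUT).items():
        state = "not listed" if flags is None else "lost " + ", ".join(flags)
        print(f"{kind} {obj_id}: {state}")
```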


Re: missing key usage of pubkey

Andreas Schwier (ML)
Dear Cornelius,

get a newer version ;-)

0.13 was the first version to support the SmartCard-HSM and a lot has
happened since then.

Andreas

On 04/15/2016 11:02 PM, Cornelius Kölbel wrote:

> Hi,
>
> I am doing some tests with the nitrokey (smartcard-hsm) on Ubuntu 14.04.
> It comes with 0.13.0-3ubuntu4.1.
>
> So you may simply tell me to get a newer version ;-)
>
> Now, when I generate a key pair everything looks fine.
> The key usage of the pubkey is marked as _encrypt_.
>
> But when I run -l -O the public key has no attributes!
>
>
> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> (git)-[pkcs11] % pkcs11-tool
> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen
> --key-type rsa:2048 --id
> 11                                                    
> Using slot 1 with a present token (0x1)
> Logging in to "SmartCard-HSM (UserPIN)".
> Please enter User PIN:
> Key pair generated:
> Private Key Object; RSA
>   label:      Private Key
>   ID:         11
>   Usage:      decrypt, sign, unwrap
> Public Key Object; RSA 2048 bits
>   label:      Private Key
>   ID:         11
>   Usage:      encrypt, verify, wrap
> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> (git)-[pkcs11] % pkcs11-tool
> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l -O
> Using slot 1 with a present token (0x1)
> Logging in to "SmartCard-HSM (UserPIN)".
> Please enter User PIN:
> Private Key Object; RSA
>   label:      Private Key
>   ID:         11
>   Usage:      decrypt, sign, unwrap
> Public Key Object; RSA 2048 bits
>   label:      Private Key
>   ID:         11
>   Usage:      none
>
> Also when I look at the object all key usage attribs are set to false:
>
> [CKA_ALWAYS_SENSITIVE: True
> CKA_CLASS: CKO_PUBLIC_KEY
> CKA_DECRYPT: False
> CKA_DERIVE: False
> CKA_ENCRYPT: False
> CKA_EXTRACTABLE: (0L,)
> CKA_ID: (17L,)
> CKA_KEY_GEN_MECHANISM: -1
> CKA_KEY_TYPE: CKK_RSA
> CKA_LABEL: Private Key
> CKA_LOCAL: True
> CKA_MODIFIABLE: False
>
> When I try to encrypt with the key handle on key x11 I get
> CKR_FUNCTION_NOT_SUPPORTED.
>
> So it looks like the attributes of the pubkey are not persisted.
>
> Am I missing something?
>
> Thanks a lot and kind regards
> Cornelius


--

    ---------    CardContact Systems GmbH
   |.##> <##.|   Schülerweg 38
   |#       #|   D-32429 Minden, Germany
   |#       #|   Phone +49 571 56149
   |'##> <##'|   http://www.cardcontact.de
    ---------    Register court Bad Oeynhausen, HRB 14880
                 Managing Director Andreas Schwier


Re: missing key usage of pubkey

Cornelius Kölbel-2
Hello Andreas,

Thanks a lot. I will do so, test it and report.

Kind regards 
Cornelius 



Cornelius Kölbel
+49 151 2960 1417

NetKnights GmbH
http://netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Kassel Local Court, HRB 16405
Managing Director: Cornelius Kölbel


-------- Original message --------
From: Andreas Schwier <[hidden email]>
Date: 16.04.2016 00:11 (GMT+01:00)
To: [hidden email]
Subject: Re: [Opensc-devel] missing key usage of pubkey

Dear Cornelius,

get a newer version ;-)

0.13 was the first version to support the SmartCard-HSM and a lot has
happened since then.

Andreas


Re: missing key usage of pubkey

Cornelius Kölbel-2
Hi Andreas,

I compiled 0.15 and used it in the way below. It still looks the same.
(Maybe I didn't use it correctly)

But it still looks the same. When I list all objects, the public key
(12) does not have the key-usage "encrypt".

Kind regards
Cornelius

/usr/local/bin/pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 12
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
  label:      Private Key
  ID:         12
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         12
  Usage:      encrypt, verify, wrap
(venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
(git)-[pkcs11] % /usr/local/bin/pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l -O
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Private Key Object; RSA
  label:      Private Key
  ID:         11
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         11
  Usage:      none
Private Key Object; RSA
  label:      Private Key
  ID:         12
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         12
  Usage:      none




On Saturday, 16.04.2016, 00:11 +0200, Andreas Schwier wrote:

> Dear Cornelius,
>
> get a newer version ;-)
>
> 0.13 was the first version to support the SmartCard-HSM and a lot has
> happened since then.
>
> Andreas
>
>
--
Cornelius Kölbel
[hidden email]
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Kassel Local Court, HRB 16405
Managing Director: Cornelius Kölbel




Re: missing key usage of pubkey

Andreas Schwier (ML)
Dear Cornelius,

I can confirm that this is a bug.

A patch is available on Github [1].

The reason why this wasn't spotted before is that the flag does not
really have any relevance, as OpenSC does not provide for public key
operations anyway. So the only use case for the public key object is to
extract the public key value, i.e. to place that in a certificate.

Andreas

[1] https://github.com/OpenSC/OpenSC/pull/734

On 04/16/2016 10:36 AM, Cornelius Kölbel wrote:

> Hi Andreas,
>
> I compiled 0.15 and used it in the way below. It still looks the same.
> (Maybe I didn't use it correctly)
>
> But it still looks the same. When I list all objects, the public key
> (12) does not have the key-usage "encrypt".
>
> Kind regards
> Cornelius
>
> /usr/local/bin/pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l
> --keypairgen --key-type rsa:2048 --id 12
> Using slot 1 with a present token (0x1)
> Logging in to "SmartCard-HSM (UserPIN)".
> Please enter User PIN:
> Key pair generated:
> Private Key Object; RSA
>   label:      Private Key
>   ID:         12
>   Usage:      decrypt, sign, unwrap
> Public Key Object; RSA 2048 bits
>   label:      Private Key
>   ID:         12
>   Usage:      encrypt, verify, wrap
> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> (git)-[pkcs11] % /usr/local/bin/pkcs11-tool
> --module /usr/local/lib/opensc-pkcs11.so -l -O
> Using slot 1 with a present token (0x1)
> Logging in to "SmartCard-HSM (UserPIN)".
> Please enter User PIN:
> Private Key Object; RSA
>   label:      Private Key
>   ID:         11
>   Usage:      decrypt, sign, unwrap
> Public Key Object; RSA 2048 bits
>   label:      Private Key
>   ID:         11
>   Usage:      none
> Private Key Object; RSA
>   label:      Private Key
>   ID:         12
>   Usage:      decrypt, sign, unwrap
> Public Key Object; RSA 2048 bits
>   label:      Private Key
>   ID:         12
>   Usage:      none


--

    ---------    CardContact Systems GmbH
   |.##> <##.|   Schülerweg 38
   |#       #|   D-32429 Minden, Germany
   |#       #|   Phone +49 571 56149
   |'##> <##'|   http://www.cardcontact.de
    ---------    Register court Bad Oeynhausen, HRB 14880
                 Managing Director Andreas Schwier


Re: missing key usage of pubkey

Cornelius Kölbel-2
Hello Andreas,

thanks for the clarification and the pull request.

OpenSC does not provide public key operations?
So you are telling me that running C_EncryptInit/C_Encrypt will not work,
a.k.a. raise a NotImplemented Exception?

Kind regards
Cornelius

On Saturday, 16.04.2016, 13:37 +0200, Andreas Schwier wrote:

> Dear Cornelius,
>
> I can confirm that this is a bug.
>
> A patch is available on Github [1].
>
> The reason why this wasn't spotted before is that the flag does not
> really have any relevance, as OpenSC does not provide for public key
> operations anyway. So the only use case for the public key object is to
> extract the public key value, i.e. to place that in a certificate.
>
> Andreas
>
> [1] https://github.com/OpenSC/OpenSC/pull/734
>
>
--
Cornelius Kölbel
[hidden email]
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Kassel Local Court, HRB 16405
Managing Director: Cornelius Kölbel




Re: missing key usage of pubkey

Andreas Schwier (ML)
Hi Cornelius,

yes, that is what I'm saying: No support for public key operations in
OpenSC. The reason is that OpenSC is a PKCS#11 interface to access
private keys on a hardware device; it's not a fully-fledged crypto
library. Typically public key operations don't require the token and are
performed using a software crypto library. There are very few
applications where public and private key operations are performed on
the same system (e.g. local disk encryption).

Andreas



On 04/16/2016 02:22 PM, Cornelius Kölbel wrote:

> Hello Andreas,
>
> thanks for the clarification and the pull request.
>
> OpenSC does not provide public key operations?
> So you are telling me that running C_EncryptInit/C_Encrypt will not work,
> a.k.a. raise a NotImplemented Exception?
>
> Kind regards
> Cornelius
>
> Am Samstag, den 16.04.2016, 13:37 +0200 schrieb Andreas Schwier:
>> Dear Cornelius,
>>
>> I can confirm that this is a bug.
>>
>> A patch is available on Github [1].
>>
>> The reason why this wasn't spotted before is, that the flag does not
>> really have any relevance, as OpenSC does not provide for public key
>> operations anyway. So the only use case for the public key object is to
>> extract the public key value, i.e. to place that in a certificate.
>>
>> Andreas
>>
>> [1] https://github.com/OpenSC/OpenSC/pull/734
>>
>> On 04/16/2016 10:36 AM, Cornelius Kölbel wrote:
>>> Hi Andreas,
>>>
>>> I compiled 0.15 and used it the way below. It still looks the same.
>>> (Maybe I didn't use it correctly)
>>>
>>> But it still looks the same. When I list all objects, the public key
>>> (12) does not have the key-usage "encrypt".
>>>
>>> Kind regards
>>> Cornelius
>>>
>>> /usr/local/bin/pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l
>>> --keypairgen --key-type rsa:2048 --id 12
>>> Using slot 1 with a present token (0x1)
>>> Logging in to "SmartCard-HSM (UserPIN)".
>>> Please enter User PIN:
>>> Key pair generated:
>>> Private Key Object; RSA
>>>   label:      Private Key
>>>   ID:         12
>>>   Usage:      decrypt, sign, unwrap
>>> Public Key Object; RSA 2048 bits
>>>   label:      Private Key
>>>   ID:         12
>>>   Usage:      encrypt, verify, wrap
>>> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
>>> (git)-[pkcs11] % /usr/local/bin/pkcs11-tool
>>> --module /usr/local/lib/opensc-pkcs11.so -l -O
>>> Using slot 1 with a present token (0x1)
>>> Logging in to "SmartCard-HSM (UserPIN)".
>>> Please enter User PIN:
>>> Private Key Object; RSA
>>>   label:      Private Key
>>>   ID:         11
>>>   Usage:      decrypt, sign, unwrap
>>> Public Key Object; RSA 2048 bits
>>>   label:      Private Key
>>>   ID:         11
>>>   Usage:      none
>>> Private Key Object; RSA
>>>   label:      Private Key
>>>   ID:         12
>>>   Usage:      decrypt, sign, unwrap
>>> Public Key Object; RSA 2048 bits
>>>   label:      Private Key
>>>   ID:         12
>>>   Usage:      none
>>>
>>>
>>>
>>>
>>> On Saturday, 16.04.2016, 00:11 +0200, Andreas Schwier wrote:
>>>> Dear Cornelius,
>>>>
>>>> get a newer version ;-)
>>>>
>>>> 0.13 was the first version to support the SmartCard-HSM and a lot has
>>>> happened since then.
>>>>
>>>> Andreas
>>>>
>>>> On 04/15/2016 11:02 PM, Cornelius Kölbel wrote:
>>>>> Hi,
>>>>>
>>>>> I am doing some tests with the nitrokey (smartcard-hsm) on Ubuntu 14.04.
>>>>> It comes with 0.13.0-3ubuntu4.1.
>>>>>
>>>>> So you may simply tell me to get a newer version ;-)
>>>>>
>>>>> Now, when I generate a key pair everything looks fine.
>>>>> The key usage of the pubkey is marked as _encrypt_.
>>>>>
>>>>> But when I run -l -O the public key has no attributes!
>>>>>
>>>>>
>>>>> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
>>>>> (git)-[pkcs11] % pkcs11-tool
>>>>> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen
>>>>> --key-type rsa:2048 --id
>>>>> 11                                                    
>>>>> Using slot 1 with a present token (0x1)
>>>>> Logging in to "SmartCard-HSM (UserPIN)".
>>>>> Please enter User PIN:
>>>>> Key pair generated:
>>>>> Private Key Object; RSA
>>>>>   label:      Private Key
>>>>>   ID:         11
>>>>>   Usage:      decrypt, sign, unwrap
>>>>> Public Key Object; RSA 2048 bits
>>>>>   label:      Private Key
>>>>>   ID:         11
>>>>>   Usage:      encrypt, verify, wrap
>>>>> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
>>>>> (git)-[pkcs11] % pkcs11-tool
>>>>> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l -O
>>>>> Using slot 1 with a present token (0x1)
>>>>> Logging in to "SmartCard-HSM (UserPIN)".
>>>>> Please enter User PIN:
>>>>> Private Key Object; RSA
>>>>>   label:      Private Key
>>>>>   ID:         11
>>>>>   Usage:      decrypt, sign, unwrap
>>>>> Public Key Object; RSA 2048 bits
>>>>>   label:      Private Key
>>>>>   ID:         11
>>>>>   Usage:      none
>>>>>
>>>>> Also when I look at the object all key usage attribs are set to false:
>>>>>
>>>>> [CKA_ALWAYS_SENSITIVE: True
>>>>> CKA_CLASS: CKO_PUBLIC_KEY
>>>>> CKA_DECRYPT: False
>>>>> CKA_DERIVE: False
>>>>> CKA_ENCRYPT: False
>>>>> CKA_EXTRACTABLE: (0L,)
>>>>> CKA_ID: (17L,)
>>>>> CKA_KEY_GEN_MECHANISM: -1
>>>>> CKA_KEY_TYPE: CKK_RSA
>>>>> CKA_LABEL: Private Key
>>>>> CKA_LOCAL: True
>>>>> CKA_MODIFIABLE: False
>>>>>
>>>>> When I try to encrypt with the key handle on key x11 I get
>>>>> CKR_FUNCTION_NOT_SUPPORTED.
>>>>>
>>>>> So it looks like the attributes of the pubkey are not persisted.
>>>>>
>>>>> Am I missing something?
>>>>>
>>>>> Thanks a lot and kind regards
>>>>> Cornelius


--

    ---------    CardContact Systems GmbH
   |.##> <##.|   Schülerweg 38
   |#       #|   D-32429 Minden, Germany
   |#       #|   Phone +49 571 56149
   |'##> <##'|   http://www.cardcontact.de
    ---------    Register court Bad Oeynhausen HRB 14880
                 Managing Director Andreas Schwier


Re: missing key usage of pubkey

Cornelius Kölbel-2
Hi Andreas,

that is totally true. Usually the public key does not need to reside on
my HW device and it can not if I think of classical applications like
message encryption, where the encrypting party does not have my hardware
device - of course.

But it may be a bit different with the smartcard HSM. I want to use the
smartcard HSM (or the nitrokey HSM) to do server side encryption. I.e. I
want to encrypt information in the database.
The server will encrypt incoming or changing data with the public key.
And decrypt data read from the database. And as the smartcard is
connected, I could easily use the key from the smartcard also to encrypt
the data.

Well, now I need to add a dependency to a 2nd external RSA lib. It is
ok, I understand the reason. I know I will not change opensc here. ;-)
But it is a bit disillusioning.

Anyway, thanks a lot for your response, fix and background information.

Kind regards
Cornelius

On Monday, 18.04.2016, 08:47 +0200, Andreas Schwier wrote:

> Hi Cornelius,
>
> yes, that is what I'm saying: No support for public key operations in
> OpenSC. The reason is, that OpenSC is a PKCS#11 Interface to access
> private keys on a hardware device, it's not a fully-fledged crypto
> library. Typically public key operations don't require the token and are
> performed using a software crypto library. There are very few
> applications where public and private key operations are performed on
> the same system (e.g. Local disk encrypting).
>
> Andreas
>
>
>
> On 04/16/2016 02:22 PM, Cornelius Kölbel wrote:
> > Hello Andreas,
> >
> > thanks for the clarification and the pull request.
> >
> > OpenSC does not provide public key operations?
> > So you are telling me that running C_EncryptInit/C_Encrypt will not work
> > a.k.a raise a NotImplemented Exception?
> >
> > Kind regards
> > Cornelius
> >
> > On Saturday, 16.04.2016, 13:37 +0200, Andreas Schwier wrote:
> >> Dear Cornelius,
> >>
> >> I can confirm that this is a bug.
> >>
> >> A patch is available on Github [1].
> >>
> >> The reason why this wasn't spotted before is, that the flag does not
> >> really have any relevance, as OpenSC does not provide for public key
> >> operations anyway. So the only use case for the public key object is to
> >> extract the public key value, i.e. to place that in a certificate.
> >>
> >> Andreas
> >>
> >> [1] https://github.com/OpenSC/OpenSC/pull/734
> >>
> >> On 04/16/2016 10:36 AM, Cornelius Kölbel wrote:
> >>> Hi Andreas,
> >>>
> >>> I compiled 0.15 and used it the way below. It still looks the same.
> >>> (Maybe I didn't use it correctly)
> >>>
> >>> But it still looks the same. When I list all objects, the public key
> >>> (12) does not have the key-usage "encrypt".
> >>>
> >>> Kind regards
> >>> Cornelius
> >>>
> >>> /usr/local/bin/pkcs11-tool --module /usr/local/lib/opensc-pkcs11.so -l
> >>> --keypairgen --key-type rsa:2048 --id 12
> >>> Using slot 1 with a present token (0x1)
> >>> Logging in to "SmartCard-HSM (UserPIN)".
> >>> Please enter User PIN:
> >>> Key pair generated:
> >>> Private Key Object; RSA
> >>>   label:      Private Key
> >>>   ID:         12
> >>>   Usage:      decrypt, sign, unwrap
> >>> Public Key Object; RSA 2048 bits
> >>>   label:      Private Key
> >>>   ID:         12
> >>>   Usage:      encrypt, verify, wrap
> >>> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> >>> (git)-[pkcs11] % /usr/local/bin/pkcs11-tool
> >>> --module /usr/local/lib/opensc-pkcs11.so -l -O
> >>> Using slot 1 with a present token (0x1)
> >>> Logging in to "SmartCard-HSM (UserPIN)".
> >>> Please enter User PIN:
> >>> Private Key Object; RSA
> >>>   label:      Private Key
> >>>   ID:         11
> >>>   Usage:      decrypt, sign, unwrap
> >>> Public Key Object; RSA 2048 bits
> >>>   label:      Private Key
> >>>   ID:         11
> >>>   Usage:      none
> >>> Private Key Object; RSA
> >>>   label:      Private Key
> >>>   ID:         12
> >>>   Usage:      decrypt, sign, unwrap
> >>> Public Key Object; RSA 2048 bits
> >>>   label:      Private Key
> >>>   ID:         12
> >>>   Usage:      none
> >>>
> >>>
> >>>
> >>>
> >>> On Saturday, 16.04.2016, 00:11 +0200, Andreas Schwier wrote:
> >>>> Dear Cornelius,
> >>>>
> >>>> get a newer version ;-)
> >>>>
> >>>> 0.13 was the first version to support the SmartCard-HSM and a lot has
> >>>> happened since then.
> >>>>
> >>>> Andreas
> >>>>
> >>>> On 04/15/2016 11:02 PM, Cornelius Kölbel wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I am doing some tests with the nitrokey (smartcard-hsm) on Ubuntu 14.04.
> >>>>> It comes with 0.13.0-3ubuntu4.1.
> >>>>>
> >>>>> So you may simply tell me to get a newer version ;-)
> >>>>>
> >>>>> Now, when I generate a key pair everything looks fine.
> >>>>> The key usage of the pubkey is marked as _encrypt_.
> >>>>>
> >>>>> But when I run -l -O the public key has no attributes!
> >>>>>
> >>>>>
> >>>>> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> >>>>> (git)-[pkcs11] % pkcs11-tool
> >>>>> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen
> >>>>> --key-type rsa:2048 --id
> >>>>> 11                                                    
> >>>>> Using slot 1 with a present token (0x1)
> >>>>> Logging in to "SmartCard-HSM (UserPIN)".
> >>>>> Please enter User PIN:
> >>>>> Key pair generated:
> >>>>> Private Key Object; RSA
> >>>>>   label:      Private Key
> >>>>>   ID:         11
> >>>>>   Usage:      decrypt, sign, unwrap
> >>>>> Public Key Object; RSA 2048 bits
> >>>>>   label:      Private Key
> >>>>>   ID:         11
> >>>>>   Usage:      encrypt, verify, wrap
> >>>>> (venv)cornelius@puckel ...c/privacyidea/privacyidea/lib/security
> >>>>> (git)-[pkcs11] % pkcs11-tool
> >>>>> --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l -O
> >>>>> Using slot 1 with a present token (0x1)
> >>>>> Logging in to "SmartCard-HSM (UserPIN)".
> >>>>> Please enter User PIN:
> >>>>> Private Key Object; RSA
> >>>>>   label:      Private Key
> >>>>>   ID:         11
> >>>>>   Usage:      decrypt, sign, unwrap
> >>>>> Public Key Object; RSA 2048 bits
> >>>>>   label:      Private Key
> >>>>>   ID:         11
> >>>>>   Usage:      none
> >>>>>
> >>>>> Also when I look at the object all key usage attribs are set to false:
> >>>>>
> >>>>> [CKA_ALWAYS_SENSITIVE: True
> >>>>> CKA_CLASS: CKO_PUBLIC_KEY
> >>>>> CKA_DECRYPT: False
> >>>>> CKA_DERIVE: False
> >>>>> CKA_ENCRYPT: False
> >>>>> CKA_EXTRACTABLE: (0L,)
> >>>>> CKA_ID: (17L,)
> >>>>> CKA_KEY_GEN_MECHANISM: -1
> >>>>> CKA_KEY_TYPE: CKK_RSA
> >>>>> CKA_LABEL: Private Key
> >>>>> CKA_LOCAL: True
> >>>>> CKA_MODIFIABLE: False
> >>>>>
> >>>>> When I try to encrypt with the key handle on key x11 I get
> >>>>> CKR_FUNCTION_NOT_SUPPORTED.
> >>>>>
> >>>>> So it looks like the attributes of the pubkey are not persisted.
> >>>>>
> >>>>> Am I missing something?
> >>>>>
> >>>>> Thanks a lot and kind regards
> >>>>> Cornelius
>
--
Cornelius Kölbel
[hidden email]
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel
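
A check for the symptom reported in this thread, as an added example (not code from the thread or from OpenSC): it parses a `pkcs11-tool -l -O` listing and reports public keys that show `Usage: none` while the private key with the same ID carries usage flags. The sample listing is constructed in the format quoted above, and the function names are illustrative.

```python
import re

# Constructed sample in the format pkcs11-tool prints for `-l -O` (not real token output).
SAMPLE_LISTING = """\
Using slot 1 with a present token (0x1)
Private Key Object; RSA
  label:      Private Key
  ID:         11
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         11
  Usage:      none
Private Key Object; RSA
  label:      Private Key
  ID:         12
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      Private Key
  ID:         12
  Usage:      encrypt, verify, wrap
"""

HEADER = re.compile(r"^(Private Key|Public Key|Certificate|Secret Key|Data) Object\b", re.I)
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s*(.*)$")


def parse_objects(listing):
    """Split an object listing into dicts with kind, id, label and usage (a set)."""
    objects, current = [], None
    for line in listing.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1).lower(), "id": None, "label": None, "usage": set()}
            objects.append(current)
            continue
        field = FIELD.match(line)
        if not (field and current):
            continue  # banner lines, PIN prompts, blank lines
        name, value = field.group(1).strip().lower(), field.group(2).strip()
        if name == "usage":
            current["usage"] = set() if value == "none" else {u.strip() for u in value.split(",")}
        elif name in ("id", "label"):
            current[name] = value
    return objects


def public_keys_without_usage(objects):
    """IDs of public keys with no usage flags whose private key (same ID) has some."""
    private_with_usage = {o["id"] for o in objects if o["kind"] == "private key" and o["usage"]}
    return sorted(o["id"] for o in objects
                  if o["kind"] == "public key" and not o["usage"] and o["id"] in private_with_usage)
```
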


