[Bug 1311921] Re: SmartCard-HSM card does not list RSA 2048 public keys
Launchpad Bug Tracker
1311921 at bugs.launchpad.net
Fri May 2 13:31:27 UTC 2014
This bug was fixed in the package opensc - 0.13.0-3ubuntu5
---------------
opensc (0.13.0-3ubuntu5) utopic; urgency=low

  * debian/patches/0003-fix-sc-hsm-rsa2048.patch:
    Add upstream fix to show generated RSA public keys of 2048 bits.
    Cherry-picking commit:
    - 99af6cd sc-hsm: Fixed a bug that prevents a newly generated 2048 [...]
    (LP: #1311921)

 -- Gert van Dijk <gertvdijk at gmail.com>  Thu, 24 Apr 2014 00:21:53 +0200

** Changed in: opensc (Ubuntu Utopic)
Status: Fix Committed => Fix Released
https://bugs.launchpad.net/bugs/1311921
Title:
SmartCard-HSM card does not list RSA 2048 public keys
Status in “opensc” package in Ubuntu:
Fix Released
Status in “opensc” source package in Trusty:
In Progress
Status in “opensc” source package in Utopic:
Fix Released
Status in “opensc” package in Debian:
Unknown
Bug description:
OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in
size on a SmartCard-HSM smart card.
Although the keys are listed after on-card key generation, only the
private key is listed later. This issue does not appear for keys of
1024 bits in size on the same card.
Steps to reproduce:
1. Generate the RSA key of 2048 bits in size in case none of this type
is present:
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 10
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
label: Private Key
ID: 10
Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
label: Private Key
ID: 10
Usage: encrypt, verify, wrap
2. The public key cannot be listed/obtained:
2a. using pkcs11-tool, reading the public key fails.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey
Using slot 1 with a present token (0x1)
error: object not found
2b. listing the objects using pkcs15-tool will only list the private
key object.
$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [SmartCard-HSM]:
[...]
PIN [UserPIN]
[...]
PIN [SOPIN]
[...]
Private RSA Key [Private Key]
[...]
ID : 10
[...]
Fix is committed upstream in
https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb
Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes
the issue for me, without regenerating keys.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey | hexdump
Using slot 1 with a present token (0x1)
0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
[...]
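
A check for the symptom described in this report, as an added example that is not part of the original bug report or of OpenSC: it reads a pkcs11-tool object listing and reports the IDs of private keys that have no public key object with the same ID. It assumes `pkcs11-tool --login --list-objects` prints objects in the same layout as the key generation output shown above; the function names and the sample listing are constructed for illustration.

```python
import re
import sys

# Object header as printed in the report, e.g. "Private Key Object; RSA".
HEADER = re.compile(r"^(.*\S)\s+Object;\s*(.*)$")
ID_LINE = re.compile(r"^ID:\s*([0-9A-Fa-f]+)$")

def parse_key_objects(listing):
    """Return (kind, description, id) tuples for private/public key objects."""
    objects, current = [], None
    for raw in listing.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            kind = header.group(1).lower()
            # Any other object type (e.g. a certificate) ends the current key.
            current = [kind, header.group(2), None] if kind in ("private key", "public key") else None
            if current:
                objects.append(current)
            continue
        id_match = ID_LINE.match(line)
        if id_match and current and current[2] is None:
            current[2] = id_match.group(1).lower()
    return [tuple(o) for o in objects]

def private_keys_without_public(listing):
    """IDs of private keys that have no public key object with the same ID."""
    objects = parse_key_objects(listing)
    public_ids = {key_id for kind, _, key_id in objects if kind == "public key"}
    return sorted({key_id for kind, _, key_id in objects if kind == "private key"
                   and key_id is not None and key_id not in public_ids})

# Constructed sample: ID 10 shows the symptom, ID 11 (1024 bits) does not.
SAMPLE_AFFECTED = """\
Private Key Object; RSA
  label:      Private Key
  ID:         10
Private Key Object; RSA
  label:      Private Key
  ID:         11
Public Key Object; RSA 1024 bits
  label:      Private Key
  ID:         11
"""

if __name__ == "__main__":
    missing = private_keys_without_public(sys.stdin.read())
    print("private keys without a public key object:", missing or "none")
    sys.exit(1 if missing else 0)
```

Run as a script, it reads the listing from standard input and exits non-zero when at least one private key lacks its public key object.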