[Bug 1311921] Re: SmartCard-HSM card does not list RSA 2048 public keys

Launchpad Bug Tracker 1311921 at bugs.launchpad.net
Sun May 4 03:02:04 UTC 2014


** Branch linked: lp:ubuntu/opensc

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1311921

Title:
  SmartCard-HSM card does not list RSA 2048 public keys

Status in “opensc” package in Ubuntu:
  Fix Released
Status in “opensc” source package in Trusty:
  In Progress
Status in “opensc” source package in Utopic:
  Fix Released
Status in “opensc” package in Debian:
  New

Bug description:
  OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in
  size on a SmartCard-HSM smart card.

  Although the keys are listed after on-card key generation, only the
  private key is listed later. This issue does not appear for keys of
  1024 bits in size on the same card.

  Steps to reproduce:

  1. Generate the RSA key of 2048 bits in size in case none of this type
  is present:

  $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 10
  Using slot 1 with a present token (0x1)
  Logging in to "SmartCard-HSM (UserPIN)".
  Please enter User PIN: 
  Key pair generated:
  Private Key Object; RSA 
    label:      Private Key
    ID:         10
    Usage:      decrypt, sign, unwrap
  Public Key Object; RSA 2048 bits
    label:      Private Key
    ID:         10
    Usage:      encrypt, verify, wrap

  2. The public key cannot be listed/obained:

  2a. using pkcs11-tool, reading the public key fails.

  $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey
  Using slot 1 with a present token (0x1)
  error: object not found

  2b. listing the objects using pcks15-tool will only list the private
  key object.

  $ pkcs15-tool -D
  Using reader with a card: Alcor Micro AU9540 00 00
  PKCS#15 Card [SmartCard-HSM]:
  [...]

  PIN [UserPIN]
  [...]

  PIN [SOPIN]
  [...]

  Private RSA Key [Private Key]
  [...]
          ID             : 10
  [...]

  Fix is committed upstream in
  https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb

  Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes
  the issue for me, without regenerating keys.

  $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey | hexdump
  Using slot 1 with a present token (0x1)
  0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
  0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
  [...]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1311921/+subscriptions



More information about the Ubuntu-sponsors mailing list