[Bug 1311921] Re: SmartCard-HSM card does not list RSA 2048 public keys
Chris J Arges
1311921 at bugs.launchpad.net
Mon May 5 18:22:42 UTC 2014
Hello Gert, or anyone else affected,
Accepted opensc into trusty-proposed. The package will build now and be
available at
http://launchpad.net/ubuntu/+source/opensc/0.13.0-3ubuntu4.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to
enable and use -proposed. Your feedback will aid us in getting this update
out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed. In either case, details of your testing will help
us make a better decision.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!
** Description changed:
+ [Impact]
+
OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in
size on a SmartCard-HSM smart card.
Although the keys are listed after on-card key generation, only the
private key is listed later. This issue does not appear for keys of 1024
bits in size on the same card.
+ [Test Case]
Steps to reproduce:
1. Generate the RSA key of 2048 bits in size in case none of this type
is present:
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 10
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
- Please enter User PIN:
+ Please enter User PIN:
Key pair generated:
- Private Key Object; RSA
- label: Private Key
- ID: 10
- Usage: decrypt, sign, unwrap
+ Private Key Object; RSA
+ label: Private Key
+ ID: 10
+ Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
- label: Private Key
- ID: 10
- Usage: encrypt, verify, wrap
+ label: Private Key
+ ID: 10
+ Usage: encrypt, verify, wrap
2. The public key cannot be listed/obained:
2a. using pkcs11-tool, reading the public key fails.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey
Using slot 1 with a present token (0x1)
error: object not found
2b. listing the objects using pcks15-tool will only list the private key
object.
$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [SmartCard-HSM]:
[...]
PIN [UserPIN]
[...]
PIN [SOPIN]
[...]
Private RSA Key [Private Key]
[...]
- ID : 10
+ ID : 10
[...]
Fix is committed upstream in
https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb
Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes
the issue for me, without regenerating keys.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey | hexdump
Using slot 1 with a present token (0x1)
0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
[...]
+
+ [Regression Potential]
+ This fix is already in Utopic. It is an upstream cherry-pick
** Changed in: opensc (Ubuntu Trusty)
Status: In Progress => Fix Committed
** Tags added: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1311921
Title:
SmartCard-HSM card does not list RSA 2048 public keys
Status in “opensc” package in Ubuntu:
Fix Released
Status in “opensc” source package in Trusty:
Fix Committed
Status in “opensc” source package in Utopic:
Fix Released
Status in “opensc” package in Debian:
New
Bug description:
[Impact]
OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in
size on a SmartCard-HSM smart card.
Although the keys are listed after on-card key generation, only the
private key is listed later. This issue does not appear for keys of
1024 bits in size on the same card.
[Test Case]
Steps to reproduce:
1. Generate the RSA key of 2048 bits in size in case none of this type
is present:
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 10
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
label: Private Key
ID: 10
Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
label: Private Key
ID: 10
Usage: encrypt, verify, wrap
2. The public key cannot be listed/obtained:
2a. using pkcs11-tool, reading the public key fails.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey
Using slot 1 with a present token (0x1)
error: object not found
2b. listing the objects using pkcs15-tool will only list the private
key object.
$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [SmartCard-HSM]:
[...]
PIN [UserPIN]
[...]
PIN [SOPIN]
[...]
Private RSA Key [Private Key]
[...]
ID : 10
[...]
Fix is committed upstream in
https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb
Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes
the issue for me, without regenerating keys.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey | hexdump
Using slot 1 with a present token (0x1)
0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
[...]
[Regression Potential]
This fix is already in Utopic. It is an upstream cherry-pick.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1311921/+subscriptions
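Added example (not part of the bug report or of OpenSC): when verifying the -proposed package, a tester can confirm that the object read back really is the 2048-bit public key by decoding the DER header from the hexdump lines quoted above. It assumes default `hexdump` output (16-bit little-endian words) and that the object is a PKCS#1 RSAPublicKey, which the leading bytes shown are consistent with; the function names are illustrative.

```python
import re

# First two hexdump lines exactly as quoted in the bug report (truncated there).
DUMP = """\
Using slot 1 with a present token (0x1)
0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
"""

def hexdump_to_bytes(text):
    """Undo default `hexdump` output: 16-bit words printed little-endian."""
    out = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields or not re.fullmatch(r"[0-9a-f]{7}", fields[0]):
            continue  # banner lines, "[...]", "*" repeat markers
        for word in fields[1:]:
            if not re.fullmatch(r"[0-9a-f]{4}", word):
                raise ValueError(f"unexpected hexdump field: {word!r}")
            out += bytes.fromhex(word)[::-1]  # swap back to file order
    return bytes(out)

def read_header(buf, pos, tag):
    """Parse one DER tag+length at pos; return (length, offset of value)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
    first, pos = buf[pos + 1], pos + 2
    if first < 0x80:                      # short form
        return first, pos
    n = first & 0x7F                      # long form: n length bytes follow
    if not 1 <= n <= 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n

def rsa_modulus_bits(der):
    """Modulus size of a PKCS#1 RSAPublicKey, read from its leading bytes only."""
    seq_len, pos = read_header(der, 0, 0x30)      # SEQUENCE
    int_len, pos = read_header(der, pos, 0x02)    # INTEGER modulus
    if int_len > seq_len or pos + 2 > len(der):
        raise ValueError("inconsistent or truncated key header")
    if der[pos] == 0x00:                  # sign-padding byte, not part of n
        int_len, pos = int_len - 1, pos + 1
    return (int_len - 1) * 8 + der[pos].bit_length()

if __name__ == "__main__":
    print(rsa_modulus_bits(hexdump_to_bytes(DUMP)), "bit RSA modulus")
```

Only the header is needed, so the check works on the truncated dump; piping the full `pkcs11-tool ... | hexdump` output into `hexdump_to_bytes` gives the same answer.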