Ticket #140 (new defect)

Opened 18 months ago

Last modified 18 months ago

musclecard support broken

Reported by: leifj
Owned by: opensc-devel@…
Priority: normal
Milestone:
Component: opensc
Version: trunk
Severity: major
Keywords:
Cc:

Description

I have a cryptoflex e-gate initialized with the musclecard applet from http://www.identityalliance.com/CardEdgeII.ijc as per the instructions in the wiki for personalizing a musclecard. Initialization of the card works and so does creating a keypair using pkcs15-init. However, when I try to use the key to sign something I get the following error (e.g. using pkcs11-tool with the default pkcs11 module for opensc):

# /pkg/opensc/trunk/bin/pkcs11-tool -t --login --slot 0 --pin 00000000
C_SeedRandom() and C_GenerateRandom():
  not implemented
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (test)
iso7816.c:102:iso7816_check_sw: Unknown SWs; SW1=9C, SW2=01
muscle.c:795:msc_compute_crypt_final: returning with: Card command failed
muscle.c:852:msc_compute_crypt: returning with: Card command failed
card-muscle.c:749:muscle_compute_signature: Card signature failed: Card command failed
sec.c:53:sc_compute_signature: returning with: Card command failed
pkcs15-sec.c:248:sc_pkcs15_compute_signature: sc_compute_signature() failed: Card command failed
error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)

Here is what pkcs15-dump knows about the card:

# pkcs15-tool --dump --pin 00000000
PKCS#15 Card [MUSCLE]:
        Version        : 1
        Serial number  : 0000
        Manufacturer ID: Identity Alliance
        Last update    : 20070521075211Z
        Flags          : EID compliant

PIN [User PIN]
        Com. Flags: 0x3
        ID        : 01
        Flags     : [0x10], initialized
        Length    : min_len:4, max_len:8, stored_len:8
        Pad char  : 0x00
        Reference : 1
        Type      : ascii-numeric
        Path      : 3f005015

Private RSA Key [test]
        Com. Flags  : 3
        Usage       : [0x4], sign
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 1024
        Key ref     : 0
        Native      : yes
        Path        : 3f005015
        Auth ID     : 01
        ID          : 45

Public RSA Key [test]
        Com. Flags  : 2
        Usage       : [0x4], sign
        Access Flags: [0x0]
        ModLength   : 1024
        Key ref     : 0
        Native      : no
        Path        : 3f0050153045
        Auth ID     :
        ID          : 4

Change History

Changed 18 months ago by leifj

  • severity changed from critical to major

Actually I got everything to work when using the default profile instead of the onepin profile which was used above. I guess it might be viewed as a bug in the error handling (not being able to print messages for the error which clearly has something to do with access control).

Changed 18 months ago by leifj

Note that this works using *trunk* - not the released version 0.11.2
