wully
2014-03-15 14:07:18 UTC
Hi
I have further investigated the musclecard. Now I can use pkcs11 for creating objects, loading RSA keys, encrypting and decrypting (with RSA_NO_PAD). I am very pleased that this is starting to work...
But I have noticed something strange: when loading an RSA keypair from the host to the empty musclecard, THREE key objects are created. I would expect TWO.
----------- snippet from the modified muscletest output ----
Verify default PIN : Successful
Currently logged identities : 0002
CreateObject returns : Successful
WriteObject returns : Successful
ReadObject returns : Successful
Object data : MUSCLE VIRTUAL CARD.
Data comparison : Successful
Listing objects : Successful
------------------------------------------------------
Object ID Object Size READ WRITE DELETE
----------------- ----------- ---- ----- ------
c1 50 0000 0000 0000
k2 512 0000 0002 0002
k1 912 0002 0002 0002
k0 512 0000 0002 0002
------------------------------------------------------
Free object memory : 00003948
DeleteObject returns : Successful
Free object memory : 00004014
GetChallenge returns : Successful
Random data : 21 EE 14 0B D4 7A 21 19
----------- end snippet ----------
Object c1 is created (and afterwards deleted) by muscletest. That is ok.
As one can see, the object with ID k2 is created in addition to the two, k0 (public) and k1 (private).
From the pkcs11-trace, I see that k2 contains the same public key as k0.
But when asking for the CKA_PUBLIC_EXPONENT from k0, I get CKR_ATTRIBUTE_TYPE_INVALID.
The CKA_MODULUS is ok.
In the pkcs11-trace, the key k2 contains such an attribute, but in k0 the attribute is removed.
Why? No idea.
I will try to access k2 (which I did not create) and see whether the CKA_PUBLIC_EXPONENT will be given.
wully