Not able to do C_Sign operation on yubikey card slot 9c
Closed this issue · 4 comments
Hello, I'm not sure if this is where I should ask for help on this issue. I'd be happy to file this somewhere else if pointed in the right direction.
I'm developing an application that interacts with smartcards using opensc pkcs11. The other card slots work as intended for signing, and 9c also works on windows where we use a different API for PIV communication. Following the Cryptoki spec we do the following for slot 9c (which has CKA_ALWAYS_AUTHENTICATE enabled)
C_Login with CKU_USER
C_SignInit
C_Login with CKU_CONTEXT_SPECIFIC
C_Sign
but the last call to C_Sign keeps returning CKR_DATA_INVALID
Same data using another keyslot returns a valid Signature and CKR_OK
Is there some step I have missed/I'm doing wrong?
I also created an issue with the library we use: Pkcs11Interop/Pkcs11Interop#224
Hi,
I had a look at the linked issue and in the log there it appears that 28 bytes are sent in for signature, what mechanism and key type is being used?
Could you please share:
- the debug output from the PKCS#11 module (you can export the environment variable
YKCS11_DBGand set it to something like 9, watch out because operations likeC_Loginwill contain the PIN) - the code that you're trying to run, pseudo-code like you had above is fine, but a bit more details like key type, mechanisms, how much data, etc. would be useful.
Thanks
I'm sorry, it seems like it the actual pkcs library used was opensc-pkcs11 and not the yubico library. I've created a new issue in the opensc issue tracker: OpenSC/OpenSC#2833
No problem. It looks like there's a conversation going on in the other issue. Is it OK to close this one then?
sure, go ahead