[Muscle] Re: Signing Problems (Bram Cymet)

Michael StJohns mstjohns at comcast.net
Tue Nov 4 09:41:05 PST 2008 

I'm not sure where the error is coming from - its not in the source code I have for this.

But..  the error is probably not with muscle, but with how muscle talks to openssl.  Those are openssl errors.  It looks like its trying to encode the private key in ASN1 and there's no reason it should be doing that.

The APDUs you included show that the card got through the initialization phase of signing without problem.

http://www.linuxnet.com/musclecard/files/mcardprot-1.2.1.pdf




At 10:39 AM 11/4/2008, Bram Cymet wrote:
>muscle-request at lists.musclecard.com wrote:
>> Send Muscle mailing list submissions to
>>       muscle at lists.musclecard.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>       http://lists.drizzle.com/mailman/listinfo/muscle
>> or, via email, send a message with subject or body 'help' to
>>       muscle-request at lists.musclecard.com
>>
>> You can reach the person managing the list at
>>       muscle-owner at lists.musclecard.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Muscle digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: Re: Problem Formatting Card and other Issues        (Michael,
>>       StJohns) (Michael StJohns) (Bram Cymet)
>>    2. Signing Problems (Bram Cymet)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 31 Oct 2008 13:12:49 -0400
>> From: Bram Cymet <bcymet at cbnco.com>
>> Subject: [Muscle] Re: Re: Problem Formatting Card and other Issues
>>       (Michael, StJohns) (Michael StJohns)
>> To: muscle at lists.musclecard.com
>> Message-ID: <490B3C91.7060809 at cbnco.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> I am even closer now. I was able to successfully format the card and
>> generate keys. Now I have a problem when I go and a sign something.
>>
>> I get:
>>
>> 6068:error:8006C06D:lib(128):RSA_PRIV_ENC:msc invalid
>> call:e_musclecard.c:502:
>> 6068:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP
>> lib:a_sign.c:279:
>>
>> Anyone have any ideas what is going on?
>>
>> muscle-request at lists.musclecard.com wrote:
>>   
>>> Send Muscle mailing list submissions to
>>>      muscle at lists.musclecard.com
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>      http://lists.drizzle.com/mailman/listinfo/muscle
>>> or, via email, send a message with subject or body 'help' to
>>>      muscle-request at lists.musclecard.com
>>>
>>> You can reach the person managing the list at
>>>      muscle-owner at lists.musclecard.com
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of Muscle digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>>    1. Re: Problem Formatting Card and other Issues (Michael
>>>       StJohns) (Bram Cymet)
>>>    2. Re: Re: Problem Formatting Card and other Issues       (Michael
>>>       StJohns) (Michael StJohns)
>>>    3. Re: Re: Problem Formatting Card and other Issues       (Michael
>>>       StJohns) (Michael StJohns)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Thu, 30 Oct 2008 12:29:38 -0400
>>> From: Bram Cymet <bcymet at cbnco.com>
>>> Subject: [Muscle] Re: Problem Formatting Card and other Issues
>>>      (Michael        StJohns)
>>> To: muscle at lists.musclecard.com
>>> Message-ID: <4909E0F2.9090109 at cbnco.com>
>>> Content-Type: text/plain; charset=ISO-8859-1
>>>
>>> muscle-request at lists.musclecard.com wrote:
>>>   
>>>     
>>>> Send Muscle mailing list submissions to
>>>>     muscle at lists.musclecard.com
>>>>
>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>     http://lists.drizzle.com/mailman/listinfo/muscle
>>>> or, via email, send a message with subject or body 'help' to
>>>>     muscle-request at lists.musclecard.com
>>>>
>>>> You can reach the person managing the list at
>>>>     muscle-owner at lists.musclecard.com
>>>>
>>>> When replying, please edit your Subject line so it is more specific
>>>> than "Re: Contents of Muscle digest..."
>>>>
>>>>
>>>> Today's Topics:
>>>>
>>>>    1. Problem Formatting Card and other Issues (Bram Cymet)
>>>>    2. Re: Problem Formatting Card and other Issues (Michael StJohns)
>>>>    3. Re: Problem Formatting Card and other Issues (Michael StJohns)
>>>>    4. Re: Problem Formatting Card and other Issues (Michael StJohns)
>>>>    5. Re: Problem Formatting Card and other Issues (Michael StJohns)
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>>
>>>> Message: 1
>>>> Date: Wed, 29 Oct 2008 15:15:13 -0400
>>>> From: Bram Cymet <bcymet at cbnco.com>
>>>> Subject: [Muscle] Problem Formatting Card and other Issues
>>>> To: muscle at lists.musclecard.com
>>>> Message-ID: <4908B641.2070106 at cbnco.com>
>>>> Content-Type: text/plain; charset=ISO-8859-1
>>>>
>>>> Hi,
>>>>
>>>> I am using Atheca IDProtext Dual cards and I am able load the muscle app
>>>> onto the card without any problems. In muscleTool I can list the tokens
>>>> and find it and connect to it. I am having a few problems though:
>>>>
>>>> 1) When I run verify I get : ERR: VerifyPIN Failed ! (0x9C05 Feature
>>>> unsupported)
>>>>
>>>> 2) I get the same error when I try genkeys
>>>>
>>>> I did some research and it seems that this error could be because the
>>>> card is not formatted. So I tried the format command. I entered in what
>>>> I thought were correct values (I am still a little iffy on what a user
>>>> unblock pin is but when I try to format muscleTool either segfualts on
>>>> me or Formatting token [*] : Failed (Unspecified error).
>>>>
>>>> Any help would be great!
>>>>
>>>> Thanks,
>>>>
>>>>   
>>>>     
>>>>       
>>> I compiled muscleTool from scratch and then rerun the format. I know get
>>> a clearer error message.
>>> I get  Formating token [*] : ERR: Format failed ! (0x9C02 Authentication
>>> failed)
>>>
>>> Any ideas how I can fix this?
>>>
>>>   
>>>     
>>
>>
>>   
>Not sure if this will help any one but here are the APDUs sent when
>signing with the 1024 bit key:
>
>ATR:    3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08
>
>C-APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00 00
>R-APDU: 6F 0F 84 07 A0 00 00 01 51 00 00 A5 04 9F 65 01 FF 90 00
>Time:  
>
>C-APDU: 80 50 00 00 08 00 00 00 00 00 00 00 00 00
>R-APDU: 00 00 06 5A 00 10 13 09 72 55 FF 01 B5 06 43 DC CE 11 F2 95 29
>25 52 DC 19 43 66 58 90 00
>Time:  
>
>C-APDU: 84 82 00 00 10 36 B5 59 1A D0 21 90 69 43 BE BA E8 AD EB A0 B7 00
>R-APDU: 90 00
>Time:  
>
>C-APDU: 80 F2 20 00 02 4F 00 00
>R-APDU: 05 A0 00 00 00 01 01 00 90 00
>Time:  
>
>C-APDU: 80 F2 40 00 02 4F 00 00
>R-APDU: 06 A0 00 00 00 01 01 07 00 90 00
>Time:  
>
>C-APDU: 80 F2 80 00 02 4F 00 00
>R-APDU: 07 A0 00 00 01 51 00 00 3F 9E 90 00
>Time:  
>
>C-APDU: 00 A4 04 00 06 A0 00 00 00 01 01
>R-APDU: 90 00
>Time:   47 ms
>
>C-APDU: B0 42 01 00 08 31 31 31 31 31 31 31 31
>R-APDU: 90 00
>Time:   47 ms
>
>C-APDU: B0 36 02 01 05 00 03 01 00 00
>R-APDU: 90 00
>Time:   31 ms
>
>C-APDU: B0 36 02 03 83 01 00 80 00 01 FF FF FF FF FF FF FF FF FF FF FF
>FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
>FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
>FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
>FF FF FF FF FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 C1
>65 01 42 F7 13 50 C3 2A 0D CC 46 9B 3B CC 0F 0A 1C 45 1F D2
>R-APDU: 00 80 9E 11 7D 5E 53 36 17 81 22 C7 AB B0 83 F6 DC 7F EE 80 E8
>3B FF DC B3 2C FB AC 0A 6E 9A 98 DB 6C 50 73 E0 F6 64 1E 30 42 93 5B 1A
>B6 7C 3A 3E EE 44 A0 D1 26 5B 68 D3 6F 29 6B 5A 26 91 9E EE 94 C8 15 F9
>76 92 6B C8 3C D8 ED C5 D6 DE 01 80 D4 5B 65 5F A4 7E 43 EA 0B EF 87 CD
>B5 12 F7 A9 C8 D6 77 C6 46 9F 2A 97 81 50 9D CF 85 42 71 2A BE AB 30 A2
>18 15 41 0E D2 8B 12 DB B2 FE 33 4B 7B 90 00
>Time:   313 ms
>
>C-APDU: B0 70 00 00 02 00 00
>R-APDU: 90 00
>Time:   31 ms
>
>and here are the APDUs sent when attempting to sign using the 2048 bit
>keys:
>
>ATR:    3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08
>
>C-APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00 00
>R-APDU: 6F 0F 84 07 A0 00 00 01 51 00 00 A5 04 9F 65 01 FF 90 00
>Time:  
>
>C-APDU: 80 50 00 00 08 00 00 00 00 00 00 00 00 00
>R-APDU: 00 00 06 5A 00 10 13 09 72 55 FF 01 FB EC D8 10 37 5D 6E 33 46
>5E E1 79 33 B0 4F 58 90 00
>Time:  
>
>C-APDU: 84 82 00 00 10 58 B5 FF E9 2E F2 83 15 54 14 37 41 26 75 D1 0E 00
>R-APDU: 90 00
>Time:  
>
>C-APDU: 80 F2 20 00 02 4F 00 00
>R-APDU: 05 A0 00 00 00 01 01 00 90 00
>Time:  
>
>C-APDU: 80 F2 40 00 02 4F 00 00
>R-APDU: 06 A0 00 00 00 01 01 07 00 90 00
>Time:  
>
>C-APDU: 80 F2 80 00 02 4F 00 00
>R-APDU: 07 A0 00 00 01 51 00 00 3F 9E 90 00
>Time:  
>
>C-APDU: 00 A4 04 00 06 A0 00 00 00 01 01
>R-APDU: 90 00
>Time:   31 ms
>
>Recorded Tue Nov 4 07:28:25 2008
>
>C-APDU: B0 42 01 00 08 31 31 31 31 31 31 31 31
>R-APDU: 90 00
>Time:   47 ms
>
>Recorded Tue Nov 4 07:29:12 2008
>
>C-APDU: B0 36 04 01 05 00 03 01 00 00
>R-APDU: 90 00
>Time:   16 ms
>
>
>
>-- 
>Bram Cymet
>Software Developer
>Centre For Technological Innovation
>Canadian Bank Note Co. Ltd.
>Cell: 613-608-9752
>
>
>_______________________________________________
>Muscle mailing list
>Muscle at lists.musclecard.com
>http://lists.drizzle.com/mailman/listinfo/muscle

More information about the Muscle mailing list