SmartCard-HSM card does not list RSA 2048 public keys
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
opensc (Debian) | Fix Released | Unknown | |
opensc (Ubuntu) | Fix Released | Undecided | Unassigned |
Trusty | Fix Released | Undecided | Unassigned |
Utopic | Fix Released | Undecided | Unassigned |
Bug Description
[Impact]
OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in size on a SmartCard-HSM smart card.
Although the keys are listed after on-card key generation, only the private key is listed later. This issue does not appear for keys of 1024 bits in size on the same card.
[Test Case]
Steps to reproduce:
1. Generate the RSA key of 2048 bits in size in case none of this type is present:
$ pkcs11-tool --module /usr/lib/
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
label: Private Key
ID: 10
Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
label: Private Key
ID: 10
Usage: encrypt, verify, wrap
2. The public key cannot be listed/obtained:
2a. using pkcs11-tool, reading the public key fails.
$ pkcs11-tool --module /usr/lib/
Using slot 1 with a present token (0x1)
error: object not found
2b. listing the objects using pkcs15-tool will only list the private key object.
$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [SmartCard-HSM]:
[...]
PIN [UserPIN]
[...]
PIN [SOPIN]
[...]
Private RSA Key [Private Key]
[...]
ID : 10
[...]
Fix is committed upstream in https:/
Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes the issue for me, without regenerating keys.
$ pkcs11-tool --module /usr/lib/
Using slot 1 with a present token (0x1)
0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
[...]
[Regression Potential]
This fix is already in Utopic. It is an upstream cherry-pick
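A check for the condition this report describes, added here as an example and not part of the original report or of OpenSC: it parses `pkcs15-tool -D` output and reports private RSA keys that have no public key object with the same ID. The sample dump is constructed, and the `Public RSA Key` header, the `ModLength` field and the indentation are assumptions about the tool's output format.

```python
import re

# Constructed sample shaped like `pkcs15-tool -D` output (not captured from a card).
# Key ID 10 reproduces the report: private key present, no public key object.
SAMPLE_DUMP = """\
PIN [UserPIN]
    ID             : 01
Private RSA Key [Private Key]
    ModLength      : 2048
    ID             : 10
Private RSA Key [Old Key]
    ModLength      : 1024
    ID             : 11
Public RSA Key [Old Key]
    ModLength      : 1024
    ID             : 11
"""

HEADER = re.compile(r"^(Private|Public) RSA Key \[(.*)\]\s*$")
FIELD = re.compile(r"^\s+(ID|ModLength)\s*:\s*(\S+)")

def parse_rsa_keys(dump):
    """Return one dict per RSA key object: kind, label, and ID / ModLength if present."""
    keys, current = [], None
    for line in dump.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"kind": header.group(1), "label": header.group(2)}
            keys.append(current)
        elif line and not line[0].isspace():
            current = None  # a different object type (PIN, certificate, ...)
        elif current is not None:
            field = FIELD.match(line)
            if field:
                current[field.group(1)] = field.group(2)
    return keys


def private_keys_without_public(dump):
    """(ID, ModLength) of private RSA keys with no public key object of the same ID."""
    keys = parse_rsa_keys(dump)
    public_ids = {k["ID"] for k in keys if k["kind"] == "Public" and "ID" in k}
    return [(k.get("ID"), k.get("ModLength"))
            for k in keys if k["kind"] == "Private" and k.get("ID") not in public_ids]


if __name__ == "__main__":
    for key_id, bits in private_keys_without_public(SAMPLE_DUMP):
        print(f"private key ID {key_id} ({bits} bits) has no public key object")
```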
Changed in opensc (Ubuntu Trusty):
status: New → Confirmed
Changed in opensc (Debian):
status: Unknown → New
Changed in opensc (Debian):
status: New → Fix Released
Attaching debdiff of proposed fix in bug description.