| 2014-04-23 23:21:05 |
Gert van Dijk |
bug |
|
|
added bug |
| 2014-04-23 23:28:16 |
Gert van Dijk |
attachment added |
|
opensc_0.13.0-3ubuntu4_0.13.0-3ubuntu4ppa1~trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1311921/+attachment/4094845/+files/opensc_0.13.0-3ubuntu4_0.13.0-3ubuntu4ppa1%7Etrusty.debdiff |
|
| 2014-04-24 00:30:48 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2014-04-24 00:30:55 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
| 2014-04-25 08:13:32 |
Launchpad Janitor |
opensc (Ubuntu): status |
New |
Confirmed |
|
| 2014-05-02 12:38:24 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Trusty |
|
| 2014-05-02 12:38:24 |
Marc Deslauriers |
bug task added |
|
opensc (Ubuntu Trusty) |
|
| 2014-05-02 12:38:24 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Utopic |
|
| 2014-05-02 12:38:24 |
Marc Deslauriers |
bug task added |
|
opensc (Ubuntu Utopic) |
|
| 2014-05-02 12:39:24 |
Marc Deslauriers |
opensc (Ubuntu Trusty): status |
New |
Confirmed |
|
| 2014-05-02 13:05:46 |
Marc Deslauriers |
opensc (Ubuntu Utopic): status |
Confirmed |
Fix Committed |
|
| 2014-05-02 13:05:48 |
Marc Deslauriers |
opensc (Ubuntu Trusty): status |
Confirmed |
In Progress |
|
| 2014-05-02 13:05:57 |
Marc Deslauriers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2014-05-02 13:14:48 |
Marc Deslauriers |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746663 |
|
| 2014-05-02 13:14:48 |
Marc Deslauriers |
bug task added |
|
opensc (Debian) |
|
| 2014-05-02 13:31:27 |
Launchpad Janitor |
opensc (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
| 2014-05-02 14:58:33 |
Bug Watch Updater |
opensc (Debian): status |
Unknown |
New |
|
| 2014-05-04 03:02:04 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/opensc |
|
| 2014-05-05 18:21:50 |
Chris J Arges |
description |
OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in size on a SmartCard-HSM smart card.
Although the keys are listed after on-card key generation, only the private key is listed later. This issue does not appear for keys of 1024 bits in size on the same card.
Steps to reproduce:
1. Generate the RSA key of 2048 bits in size in case none of this type is present:
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 10
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
label: Private Key
ID: 10
Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
label: Private Key
ID: 10
Usage: encrypt, verify, wrap
2. The public key cannot be listed/obained:
2a. using pkcs11-tool, reading the public key fails.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey
Using slot 1 with a present token (0x1)
error: object not found
2b. listing the objects using pcks15-tool will only list the private key object.
$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [SmartCard-HSM]:
[...]
PIN [UserPIN]
[...]
PIN [SOPIN]
[...]
Private RSA Key [Private Key]
[...]
ID : 10
[...]
Fix is committed upstream in https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb
Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes the issue for me, without regenerating keys.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey | hexdump
Using slot 1 with a present token (0x1)
0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
[...] |
[Impact]
OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in size on a SmartCard-HSM smart card.
Although the keys are listed after on-card key generation, only the private key is listed later. This issue does not appear for keys of 1024 bits in size on the same card.
[Test Case]
Steps to reproduce:
1. Generate the RSA key of 2048 bits in size in case none of this type is present:
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 10
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; RSA
label: Private Key
ID: 10
Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
label: Private Key
ID: 10
Usage: encrypt, verify, wrap
2. The public key cannot be listed/obained:
2a. using pkcs11-tool, reading the public key fails.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey
Using slot 1 with a present token (0x1)
error: object not found
2b. listing the objects using pcks15-tool will only list the private key object.
$ pkcs15-tool -D
Using reader with a card: Alcor Micro AU9540 00 00
PKCS#15 Card [SmartCard-HSM]:
[...]
PIN [UserPIN]
[...]
PIN [SOPIN]
[...]
Private RSA Key [Private Key]
[...]
ID : 10
[...]
Fix is committed upstream in https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb
Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes the issue for me, without regenerating keys.
$ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey | hexdump
Using slot 1 with a present token (0x1)
0000000 8230 0a01 8202 0101 9000 5007 f88a 3370
0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be
[...]
[Regression Potential]
This fix is already in Utopic. It is an upstream cherry-pick |
|
| 2014-05-05 18:22:21 |
Chris J Arges |
opensc (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
| 2014-05-05 18:22:27 |
Chris J Arges |
bug |
|
|
added subscriber SRU Verification |
| 2014-05-05 18:22:39 |
Chris J Arges |
tags |
patch |
patch verification-needed |
|
| 2014-05-05 18:28:48 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/opensc |
|
| 2014-05-09 22:49:38 |
Brian Murray |
removed subscriber Ubuntu Sponsors Team |
|
|
|
| 2014-05-21 20:53:54 |
Jasper van Gelder |
tags |
patch verification-needed |
patch verification-done |
|
| 2014-05-22 16:20:34 |
Launchpad Janitor |
opensc (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2014-05-22 16:20:38 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2014-07-06 07:44:58 |
Bug Watch Updater |
opensc (Debian): status |
New |
Fix Released |
|
