SmartCard-HSM card fails when generating ECC keypair
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
opensc (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Generating an ECC keypair on-card will result in a private key on the card, but it does not list the public key (pkcs15-tool -D, pkcs11-tool --list-objects). Possibly related to #1311921.
Steps to reproduce:
1. Generate an ECC keypair will produce a warning:
$ pkcs11-tool --module opensc-pkcs11.so -l --keypairgen --key-type EC:prime256v1 --label "My first EC key" --id 12
Outputs a warning which is unexpected:
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Key pair generated:
Private Key Object; EC
label: My first EC key
ID: 12
Usage: decrypt, sign, unwrap
Public Key Object; EC EC_POINT 264 bits
EC_POINT: 04430441049c70f
warning: PKCS11 function C_GetAttributeV
label: My first EC key
ID: 12
Usage: encrypt, verify, wrap
2. Verifying both the public and private key to be listed fails. Only my RSA public keys are listed.
$ pkcs15-tool -D
[...]
Private RSA Key [Private Key]
[...]
Private RSA Key [rsa1024 test]
[...]
Private EC Key [My first EC key]
[...]
Public RSA Key [Private Key]
[...]
Public RSA Key [rsa1024 test]
[...]
$ pkcs11-tool --module opensc-pkcs11.so --list-objects
Using slot 1 with a present token (0x1)
Public Key Object; RSA 2048 bits
label: Private Key
ID: 10
Usage: none
Public Key Object; RSA 1024 bits
label: rsa1024 test
ID: 11
Usage: none
Applying https:/
I'm currently researching on how to get this working with a minimal set of patches from upstream.
tags: | added: upgrade-software-version |
Status changed to 'Confirmed' because the bug affects multiple users.