Hi,

On Mon, 2022-07-04 at 22:00 +0200, Ansgar wrote:
> The correct signature (using OpenSSL) has:
>
> +---
> > 138 256: OCTET STRING
> > : 00 00 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C B6
> +---[ data.ko.p7s.success ]
>
> The incorrect signature from the YK has:
>
> +---
> > 138 254: OCTET STRING
> > : 82 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C B6 E7
> +---[ data.ko.p7s.fail ]
>
> So there is also a wrong byte at the beginning.
> The incorrect signature also misses one byte at the end.

As a further test I tried a different PKCS#11 module:

Modify reproduce.sh and set

+---
| pkcs11_uri="pkcs11:token=Test%20Key;manufacturer=piv_II;model=PKCS%2315%20emulated"
| export PKCS11_MODULE_PATH=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
+---

This results in yet a different error:

+---
| 138 256: OCTET STRING
| : 00 00 82 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C
+---

The total size is correct, but it includes one incorrect byte at the
beginning (byte #3, 0x82) and the last byte is missing.

I've attached this signature as well.

Ansgar
data.ko.p7s.fail-opensc
Description: Binary data
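
The comparison made in the message above can be done mechanically. This is an added example, not part of the original message or of any tool it mentions: it aligns each failing prefix against the known-good one and derives the start and end discrepancies from the quoted lengths. The function names `longest_common_run` and `diagnose` are hypothetical, and the tail calculation assumes the matching run continues past the 16 bytes quoted in the message.

```python
# Added example: align a failing signature prefix against the known-good one.

# First 16 bytes of each OCTET STRING exactly as quoted in the message;
# the remaining bytes are not shown there.
GOOD = bytes.fromhex("00 00 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C B6")
YK = bytes.fromhex("82 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C B6 E7")
OPENSC = bytes.fromhex("00 00 82 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C")


def longest_common_run(good, bad):
    """Return (good_offset, bad_offset, length) of the longest shared run."""
    best = (0, 0, 0)
    for i in range(len(good)):
        for j in range(len(bad)):
            n = 0
            while (i + n < len(good) and j + n < len(bad)
                   and good[i + n] == bad[j + n]):
                n += 1
            if n > best[2]:
                best = (i, j, n)
    return best


def diagnose(good, good_len, bad, bad_len):
    """Describe how `bad` differs from `good`.

    good_len / bad_len are the OCTET STRING lengths from the ASN.1 dump.
    Assumption: the shared run continues to the end of both signatures,
    so any length left unaccounted for is missing from the tail of `bad`.
    """
    g, b, n = longest_common_run(good, bad)
    return {
        "good_prefix": good[:g].hex(" "),   # bytes before the shared run
        "bad_prefix": bad[:b].hex(" "),     # what the bad signature has instead
        "shift": b - g,                     # <0: payload starts early, >0: late
        "matched": n,                       # shared bytes within the quoted prefix
        "tail_missing": (good_len - g) - (bad_len - b),
    }


if __name__ == "__main__":
    for name, sig, length in (("YK", YK, 254), ("OpenSC", OPENSC, 256)):
        print(name, diagnose(GOOD, 256, sig, length))
```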