Bram Cymet wrote: > I am using a new javacard with the musclecard applet. > > I have been able to generate and sign with 1024 bit keys but when I got > to use 2048 bit keys I can only generate them not sign with them. > > I get the following error: > > 6068:error:8006C06D:lib(128):RSA_PRIV_ENC:msc invalid call:e_musclecard.c:502: > 6068:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVPlib:a_sign.c:279: > > Anyone have any idea what is going on? > > If it helps here are the APDUs that get sent: > > Not sure if this will help any one but here are the APDUs sent when > signing with the 1024 bit key: > > ATR: 3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08 > > C-APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00 00 > R-APDU: 6F 0F 84 07 A0 00 00 01 51 00 00 A5 04 9F 65 01 FF 90 00 > Time: > > C-APDU: 80 50 00 00 08 00 00 00 00 00 00 00 00 00 > R-APDU: 00 00 06 5A 00 10 13 09 72 55 FF 01 B5 06 43 DC CE 11 F2 95 29 > 25 52 DC 19 43 66 58 90 00 > Time: > > C-APDU: 84 82 00 00 10 36 B5 59 1A D0 21 90 69 43 BE BA E8 AD EB A0 B7 00 > R-APDU: 90 00 > Time: > > C-APDU: 80 F2 20 00 02 4F 00 00 > R-APDU: 05 A0 00 00 00 01 01 00 90 00 > Time: > > C-APDU: 80 F2 40 00 02 4F 00 00 > R-APDU: 06 A0 00 00 00 01 01 07 00 90 00 > Time: > > C-APDU: 80 F2 80 00 02 4F 00 00 > R-APDU: 07 A0 00 00 01 51 00 00 3F 9E 90 00 > Time: > > C-APDU: 00 A4 04 00 06 A0 00 00 00 01 01 > R-APDU: 90 00 > Time: 47 ms > > C-APDU: B0 42 01 00 08 31 31 31 31 31 31 31 31 > R-APDU: 90 00 > Time: 47 ms > > C-APDU: B0 36 02 01 05 00 03 01 00 00 > R-APDU: 90 00 > Time: 31 ms > > C-APDU: B0 36 02 03 83 01 00 80 00 01 FF FF FF FF FF FF FF FF FF FF FF > FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF > FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF > FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF > FF FF FF FF FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 C1 > 65 01 42 F7 13 50 C3 2A 0D CC 46 9B 3B CC 0F 0A 1C 45 1F D2 > R-APDU: 00 80 9E 11 7D 5E 53 36 17 81 22 C7 AB B0 83 F6 DC 7F EE 80 E8 > 3B FF DC B3 2C FB AC 0A 6E 9A 98 DB 6C 50 73 E0 F6 64 1E 30 42 93 5B 1A > B6 7C 3A 3E EE 44 A0 D1 26 5B 68 D3 6F 29 6B 5A 26 91 9E EE 94 C8 15 F9 > 76 92 6B C8 3C D8 ED C5 D6 DE 01 80 D4 5B 65 5F A4 7E 43 EA 0B EF 87 CD > B5 12 F7 A9 C8 D6 77 C6 46 9F 2A 97 81 50 9D CF 85 42 71 2A BE AB 30 A2 > 18 15 41 0E D2 8B 12 DB B2 FE 33 4B 7B 90 00 > Time: 313 ms > > C-APDU: B0 70 00 00 02 00 00 > R-APDU: 90 00 > Time: 31 ms > > and here are the APDUs sent when attempting to sign using the 2048 bit > keys: > > ATR: 3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08 > > C-APDU: 00 A4 04 00 07 A0 00 00 01 51 00 00 00 > R-APDU: 6F 0F 84 07 A0 00 00 01 51 00 00 A5 04 9F 65 01 FF 90 00 > Time: > > C-APDU: 80 50 00 00 08 00 00 00 00 00 00 00 00 00 > R-APDU: 00 00 06 5A 00 10 13 09 72 55 FF 01 FB EC D8 10 37 5D 6E 33 46 > 5E E1 79 33 B0 4F 58 90 00 > Time: > > C-APDU: 84 82 00 00 10 58 B5 FF E9 2E F2 83 15 54 14 37 41 26 75 D1 0E 00 > R-APDU: 90 00 > Time: > > C-APDU: 80 F2 20 00 02 4F 00 00 > R-APDU: 05 A0 00 00 00 01 01 00 90 00 > Time: > > C-APDU: 80 F2 40 00 02 4F 00 00 > R-APDU: 06 A0 00 00 00 01 01 07 00 90 00 > Time: > > C-APDU: 80 F2 80 00 02 4F 00 00 > R-APDU: 07 A0 00 00 01 51 00 00 3F 9E 90 00 > Time: > > C-APDU: 00 A4 04 00 06 A0 00 00 00 01 01 > R-APDU: 90 00 > Time: 31 ms > > Recorded Tue Nov 4 07:28:25 2008 > > C-APDU: B0 42 01 00 08 31 31 31 31 31 31 31 31 > R-APDU: 90 00 > Time: 47 ms > > Recorded Tue Nov 4 07:29:12 2008 > > C-APDU: B0 36 04 01 05 00 03 01 00 00 > R-APDU: 90 00 > Time: 16 ms > > Thanks, > > I am not sure if this will help diagnose the problem but after looking through the muscle engine source code I think I have traced the problem to a MSC_INCONSISTENT_STATUS error. I am not exactly sure what can cause this or how I can fix this.
Any help would be great. Thanks, -- Bram Cymet Software Developer Centre For Technological Innovation Canadian Bank Note Co. Ltd. Cell: 613-608-9752 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
