update fips token support #3081
base: master
update fips token support
comment dead code
Please revert your changes on the OpenSSL logging and change the formatting as suggested in the clang-format CI run.
Co-authored-by: Frank Morgner <frankmorgner@gmail.com>
Co-authored-by: Frank Morgner <frankmorgner@gmail.com>
Please, try to use the formatting proposed by the clang-format CI where possible to improve readability.
Please put back the logging that you likely accidentally removed.
Please, squash the fixup commits.
Please rebase on top of upstream instead of introducing merge commits.
The commit messages could be a little bit more descriptive than "update fips token support". What was the issue? How was it fixed? What token version does it affect?
modified logical judgement
Is this a response to #2843 and comments #2843 (comment) and #2843 (comment) (which was sent to ftsafe.us as a bug report)? Commit haijie-ftsafe@901f270 in The real problem with some FIPS-2 cards is RSA-2048 does not work.
@haijie-ftsafe, I see you used I am using OpenSC 0.25.0 or master, with 84ce488 and these commands:
The
Note ECDSA works, but RSA sig fails. The Auth ID for both keys is 01, the only key. Is it possible the token is hard coded to only use "Auth ID 02" for FIPS RSA? Or the pkcs15-init tool is not setting the ACLs correctly on the card? If I run without
It did not use the pin and puk from command line, but prompted for them. The tokens that are failing all have Tag "84 02 1D D4". Minor comment: Unfortunately, your time zone is 13 hours earlier than mine, making communications difficult.
Fix syntax errors
@haijie-ftsafe I have the same behavior as dengert reported with your new commits. It would be appreciated if you can provide some insights on how you are able to use auth-id 02.
@haijie-ftsafe and @devshah89 can you run this command to get the ATR and the epass2003 data object? All the cards that fail have this output:
@devshah89 @drodgers-immt @zepingouin @faryon93 If you have not filed a bug report with ftsafe, please do so. The process may vary by country, as they appear to have multiple subsidiaries.
Thank you. I am getting the same output. I have filed a bug report with ftsafe.
…On Mon, Apr 1, 2024 at 10:27 AM Doug Engert ***@***.***> wrote:
@haijie-ftsafe <https://github.com/haijie-ftsafe> and @devshah89 <https://github.com/devshah89> can you run this command to get the ATR and the epass2003 data object?
opensc-tool --card-driver default --send-apdu 00:CA:01:86:00
All the cards that fail have this output:
$ opensc-tool --card-driver default -a --send-apdu 00:CA:01:86:00
Using reader with a card: Feitian ePass2003 00 00
3b:9f:95:81:31:fe:9f:00:66:46:53:05:10:11:31:71:df:00:00:03:90:00:a0
Sending: 00 CA 01 86 00
Received (SW1=0x90, SW2=0x00):
80 01 01 81 02 1D D4 82 01 00 83 02 00 00 84 01 ................
01 85 0A 07 55 2E 6F 44 EB 00 1A 00 03 86 01 00 ....U.oD........
87 01 01
@devshah89 <https://github.com/devshah89> @drodgers-immt <https://github.com/drodgers-immt> @zepingouin <https://github.com/zepingouin> @faryon93 <https://github.com/faryon93> If you have not filed a bug report with ftsafe, please do so. The process may vary by country, as they appear to have multiple subsidiaries.
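For comparing cards across reports, the response to `00:CA:01:86:00` quoted in the comment above can be split into its records. This is an added example, not code from the PR or from OpenSC; it assumes the data is a flat run of one-byte tag, one-byte length and value, which is inferred from the dump itself, and `parse_response` and `split_tlv` are hypothetical helper names.

```python
import re

# Constructed sample: the opensc-tool output quoted in the thread above.
SAMPLE = """\
Sending: 00 CA 01 86 00
Received (SW1=0x90, SW2=0x00):
80 01 01 81 02 1D D4 82 01 00 83 02 00 00 84 01 ................
01 85 0A 07 55 2E 6F 44 EB 00 1A 00 03 86 01 00 ....U.oD........
87 01 01
"""
STATUS = re.compile(r"Received \(SW1=0x([0-9A-Fa-f]{2}), SW2=0x([0-9A-Fa-f]{2})\)")
HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")

def parse_response(output):
    """Return (status_word, data_bytes) from `opensc-tool --send-apdu` text."""
    sw, data = None, bytearray()
    for line in output.splitlines():
        m = STATUS.search(line)
        if m:
            sw = int(m.group(1) + m.group(2), 16)
        elif sw is not None:
            # A dump row holds at most 16 bytes; stop at the ASCII column.
            for tok in line.split()[:16]:
                if not HEX_BYTE.fullmatch(tok):
                    break
                data.append(int(tok, 16))
    if sw is None:
        raise ValueError("no 'Received (SW1=..., SW2=...)' line found")
    return sw, bytes(data)

def split_tlv(data):
    """Split records of 1-byte tag, 1-byte length, value (assumed layout)."""
    records, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError(f"truncated header at offset {i}")
        tag, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag:02X}: {length} bytes declared, {len(value)} left")
        records.append((tag, value))
        i += 2 + length
    return records

if __name__ == "__main__":
    sw, data = parse_response(SAMPLE)
    print(f"SW={sw:04X}, {len(data)} bytes")
    for tag, value in split_tlv(data):
        print(f"  tag {tag:02X} len {len(value):2d}: {value.hex(' ').upper()}")
```

Running it on output pasted from a working and a failing token gives per-tag values that can be diffed directly instead of comparing raw hex rows by eye.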