user2609706
Reputation: 1
Smart Card eToken PRO CardOS/M4 Digital Signature APDU
I've got a sample from eToken SDK that generates RSA keys, creates digital signature and verifies it. The algorithm in the sample is the following:
- generate RSA keys (GENERATE_KEY_PAIR);
- create security environment for signature (PUT_DATA_SECI);
- restore security environment (MSE RESTORE);
- sign data (PSO_CDS);
- create security environment for verification (PUT_DATA_SECI);
- restore security environment (MSE RESTORE);
- verify signature (PDO_VDS).
I have imported external key containers with certificates to token and I need to get rid of RSA key generation item in algorithm. How may I find Object ID of my private key to pass it to PUT_DATA_SECI APDU command?
Upvotes: 0
Views: 887
Answers (1)
user2609706
Reputation: 1
The private RSA stored on the token is RSA_PURE (0x0c). It can't be used for PSO_CDS operation. They have to properly pad the hash value (rfc-2313: block type 1 + hash OID) and to use PSO_DEC to get signature. The result will be the same binary data as for PSO_CDS.
Upvotes: 0
Related Questions
- (Smart Card) APDU Command to sign
- Tachograph smart card .ddd file signature
- How to compute a digital signature on a Smartcard?
- Digital signatures with inserted private key to smart card
- pcsc-sharp Mifare Authentication
- EMV Secure Messaging
- EMV Static Data Authentication
- Sign file using smartcardio
- Slovak eVRC smart card (AID)
- eVRC smart cards