BMErEr

Reputation: 151

SAM PSO(Perform Security Operation):CDS(Compute digital signature) 6982 error

I'm trying to compute an RSASSA-PSS digital signature with sha256 for my IdentityIdentificationData (ASN1).

Directory file address 0x3D00

Application ID A000000061123A22738F4421

Private key folder 0x2F01

My ASN1-encoded data after sha256 hashing, in hex:

860c30a5f2b254ee92cbd3ec5c4282a940853aaef5f36d50ca20050637aaf4b0

I'm sending these commands after the SAM PIN is verified:

MSE:SET

002241B606800191840110
SW1SW2:9000

Select File

00A40800043D002F0100
SW1SW2:9000

PSO: Compute Digital Signature

002A9E9A20860c30a5f2b254ee92cbd3ec5c4282a940853aaef5f36d50ca20050637aaf4b000
SW1SW2:6982

I'm a bit new to smart cards. How can I solve this problem? What is wrong or missing?

My SAM doesn't want an algorithm identifier for RSASSA-PSS.

Upvotes: 1

Views: 492

Answers (3)

BMErEr

Reputation: 151

MSE:SET 002241b606800191840181 worked for me.

Upvotes: 0

hsg

Reputation: 656

Can you check the access condition of the RSA_Sign key? If the access condition is NEVER, then you won't be able to sign with this key. So in such a case, SW 6982 makes sense.

Upvotes: 1

Maarten Bodewes

Reputation: 93978

6982 means: Security condition not satisfied

You should probably send the VERIFY PIN command directly before the PSO: Compute Digital Signature. Signature generation generally has very high requirements with regard to the PIN, because the user has to give consent for each and every signature. Hence the PIN may be invalidated by each command, especially if that command is an MSE:SET command. Selecting a DF by name may also influence the security environment.

So try the following order:

  1. SELECT by Name (AID)
  2. MSE:SET (for digital signature)
  3. VERIFY PIN
  4. PSO:COMPUTE DIGITAL SIGNATURE

The signature may also depend on other security-related objects such as an authentication key, for instance one used to set up secure messaging.

Upvotes: 1
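An added example, not part of any post above: a short Python decoder for the command APDUs quoted in this thread, which splits each into header, Lc, data and Le and shows which data object differs between the MSE:SET from the question and the one reported as working. The tag names follow the general ISO/IEC 7816-4 control reference template layout and are an assumption here; the card's own specification is authoritative.

```python
# Added example: decode the short (non-extended) APDUs quoted in this thread.
SW_TEXT = {0x9000: "OK", 0x6982: "Security condition not satisfied"}
# Assumed tag meanings (ISO/IEC 7816-4 control reference template objects).
CRT_TAGS = {0x80: "algorithm reference", 0x84: "private key reference"}

def parse_apdu(hex_str):
    """Split a short command APDU into CLA/INS/P1/P2, data and Le."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                # case 2: Le only
        le = body[0]
    elif len(body) > 1:               # case 3/4: Lc, data, optional Le
        lc = body[0]
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data field length")
        le = rest[0] if rest else None
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def parse_tlv(data):
    """Parse flat data objects with one-byte tags and one-byte lengths only."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        out[tag] = value
        i += 2 + length
    return out

def diff_mse_set(a_hex, b_hex):
    """Return {tag name: (hex value in a, hex value in b)} for objects that differ."""
    a = parse_tlv(parse_apdu(a_hex)["data"])
    b = parse_tlv(parse_apdu(b_hex)["data"])
    return {CRT_TAGS.get(t, hex(t)): (a.get(t, b"").hex(), b.get(t, b"").hex())
            for t in sorted(set(a) | set(b)) if a.get(t) != b.get(t)}

if __name__ == "__main__":
    # Failing MSE:SET from the question vs. the one reported as working.
    print(diff_mse_set("002241B606800191840110", "002241b606800191840181"))
    pso = parse_apdu("002A9E9A20860c30a5f2b254ee92cbd3ec5c4282"
                     "a940853aaef5f36d50ca20050637aaf4b000")
    print(hex(pso["ins"]), len(pso["data"]), "bytes ->", SW_TEXT[0x6982])
```

Run on the two MSE:SET commands, the only difference it reports is the value under tag 84 (10 versus 81); the algorithm reference under tag 80 is 91 in both.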
