Generating 9C key with nistp256 fails with 6982 #623

Open
dengert opened this issue Feb 7, 2025 · 0 comments
dengert commented Feb 7, 2025

nitropy-v0.7.3-x64-windows-binary.exe nk3 piv --experimental generate-key --admin-key 010203040506070801020304050607080102030405060708 --key 9C --algo nistp256 --subject-name "Doug-N3A-01" --domain-component "gamil.com" --subject-alt-name-upn "deengert@gmail.com" --pin 123456 --path "c:\tmp\n3a-01-9C-req"

nitropy.log.rrehh3s1.txt

585        INFO     pivapp Sending 135 '0087039b047c028000'
693        INFO     pivapp Received [610c] 
695        INFO     pivapp Received [9000] 7c0a8008f8174ba5a8eeacf3
695        INFO     pivapp Received final data: [9000] '7c0a8008f8174ba5a8eeacf3'
695        INFO     pivapp Decoded received: 7c0a8008f8174ba5a8eeacf3
697        INFO     pivapp Sending 135 '0087039b167c1480087ea1a98fd4edcd8381084775be27d3337db9'
789        INFO     pivapp Received [610c] 
791        INFO     pivapp Received [9000] 7c0a8208e6f5c231113e7f57
791        INFO     pivapp Received final data: [9000] '7c0a8208e6f5c231113e7f57'
791        INFO     pivapp Decoded received: 7c0a8208e6f5c231113e7f57
791        INFO     pivapp Sending 32 '0020008008313233343536ffff'
3062       INFO     pivapp Received [9000] 
3063       INFO     pivapp Sending 71 '0047009c05ac03800111'
6617       INFO     pivapp Received [6146] 
6620       INFO     pivapp Received [9000] 7f49438641040345b375ecfbed3295fe57f533f7306ea0adc360d0bb235e4d1d171f663d7d4e35d433ed88b3bbb1a7afc770eee84551508348d498c53018ad3cb6b4dded2131
6620       INFO     pivapp Received final data: [9000] '7f49438641040345b375ecfbed3295fe57f533f7306ea0adc360d0bb235e4d1d171f663d7d4e35d433ed88b3bbb1a7afc770eee84551508348d498c53018ad3cb6b4dded2131'
6620       INFO     pivapp Decoded received: 7f49438641040345b375ecfbed3295fe57f533f7306ea0adc360d0bb235e4d1d171f663d7d4e35d433ed88b3bbb1a7afc770eee84551508348d498c53018ad3cb6b4dded2131
6627       INFO     pivapp Sending 135 '0087119c267c24 812096e962450421dcbb7ce4b1bff6cacaa802e8b29bc9005ac3f779030a530d49048200'
6630       INFO     pivapp Received [6982] 

This looks like the key was generated, and pubkey returned 7f49 43 86 41 04|x|y

The next APDU returns '69' '82' Security status not satisfied. I don't see where the user pin was verified. (not logged?)
NIST 800-74-4-2016 "Part 1" 3.2.1 X.509 Certificate for Digital Signature: the 9C key is "PIN Always".
(I also pressed the touch button too.)

If the operation was meant to be an ECDSA sign, it also looks wrong:
`00 87 11 9c 26 7C 24 81 20 96e9624...`

NIST 800-74-4-2016 "Part 2" "A.4.2 ECDSA" says "Data Field '7C' – L1 { '82' '00' '81' L2 {hash value of message}}"
i.e. the '82' '00' is missing.
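
An added example (not part of the original issue and not nitropy code) that parses the five command APDUs from the log above, names each by INS, lists the tags inside the 7C template of the failing command, and reports which command was sent immediately before it. The INS names come from the PIV card command set; `SENT`, `parse_apdu`, `tlv`, `template_tags` and `previous_command` are names chosen here.

```python
# Hex of the five "Sending" lines in the log above, in order (spaces removed).
SENT = [
    "0087039b047c028000",
    "0087039b167c1480087ea1a98fd4edcd8381084775be27d3337db9",
    "0020008008313233343536ffff",
    "0047009c05ac03800111",
    "0087119c267c24812096e962450421dcbb7ce4b1bff6cacaa802e8b29bc9005a"
    "c3f779030a530d49048200",
]

# INS names from the PIV card command set.
INS = {0x20: "VERIFY", 0x47: "GENERATE ASYMMETRIC KEY PAIR",
       0x87: "GENERAL AUTHENTICATE"}

def parse_apdu(hexstr):
    """Split a short-form command APDU into header fields and data."""
    raw = bytes.fromhex(hexstr)
    _cla, ins, p1, p2, lc = raw[:5]
    return {"ins": ins, "p1": p1, "p2": p2, "data": raw[5:5 + lc]}

def tlv(buf):
    """Decode single-byte-tag, short-length BER-TLV into (tag, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        if length > 0x7F:
            raise ValueError("long-form length not supported here")
        out.append((tag, buf[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def template_tags(hexstr):
    """Return (tag, length) for each object inside the 7C template."""
    (tag, inner), = tlv(parse_apdu(hexstr)["data"])
    if tag != 0x7C:
        raise ValueError("not a dynamic authentication template")
    return [(t, len(v)) for t, v in tlv(inner)]

def previous_command(sent, index):
    """Name the command sent immediately before sent[index], if any."""
    if index == 0:
        return None
    return INS.get(parse_apdu(sent[index - 1])["ins"], "unknown")

if __name__ == "__main__":
    for a in map(parse_apdu, SENT):
        print(f"{INS.get(a['ins'], '?'):30} P1={a['p1']:02X} P2={a['p2']:02X}")
    print("7C contents:", [(f"{t:02X}", n) for t, n in template_tags(SENT[4])])
    print("sent just before the 9C operation:", previous_command(SENT, 4))
```

On the logged data the 7C template of the failing command decodes to tag 81 (32 bytes) followed by an empty tag 82, and the command sent immediately before it is GENERATE ASYMMETRIC KEY PAIR rather than VERIFY.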
