我希望有人能帮助我解决 PIV smart card standard .
我想通过使用之前生成的 RSA 1024 位模数数字签名 key 0x9C 签署 PKCS#1 填充随机数来验证智能卡。我的测试应用程序的输出如下所示:
Requesting Signature
Sending: 0087069C867C84820081800001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00CB441C4A656E071F1FB9F31BC6AB1824324FB42780
Error: (6A80) Incorrect parameters in command data
这是分割:
00 - Not chained (chaining not required because message does not exceed max length)
87 - GENERAL AUTHENTICATE
06 - RSA 1024 Algorithm
9C - Digital Signature Key
86 - Length of data field
7C - Dynamic Authentication template identifier
84 - Length of dynamic authentication template
82 - Response
00 - Response length 0 (Response requested)
81 - Challenge
80 - Challenge length 128
0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00CB441C4A656E071F1FB9F31BC6AB1824324FB427 - PKCS #1 padded 20-byte Nonce (Padded with OpenSSL RSA_padding_add_PKCS1_type_1)
80 - Expected response length (128 bytes)
我还使用所有不同的 key (已成功生成所有 key )并使用链式消息与单部分消息来运行测试。 进一步查看test data .
最佳答案
我的智能卡上加载的 PIV 卡小程序存在错误。它不会签署任何以 0x00 开头的数据。如果将 0x00 更改为其他任何值(只要整数数据小于 RSA 算法要求的整数模数),它将成功签名。因此,这当然意味着这些卡无法签署任何标准 PKCS1 填充数据:(
感谢您的帮助
关于cryptography - PIV 智能卡 - 一般验证 - 签署随机数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10434839/