engine_pkcs11
Would like engine_pkcs11 to generate random numbers through HSM.
Is it planned to add the random number generation functionality to the engine?
Regards,
Hi, I'm experimenting with an SC-HSM card from cardcontact.de and have managed to generate random numbers (max 265 byte) by sending APDUs to the card via opensc-tool: opensc-tool -s 00A4040C0be82b0601040181c31f020100 -s 00840000<Le> The last byte (Le) of the GET_CHALLENGE APDU determines the length of the random number chain. I haven't been able to generate more than 256 bytes (Le=00) because I can't figure out how to send an extended length Le. I know the card can handle up to 0xFFFF random number chains because I have used the test suite provided by cardcontact.de. I hope someone can explain to me how to use opensc-tool to send an extended length Le for the GET_CHALLENGE APDU.
Have you tried pkcs11-tool --generate-random?
opensc-tool only supports short APDU's. It is limited in send_apdu which uses buffers based on:
types.h:#define SC_MAX_APDU_BUFFER_SIZE 261 /* takes account of: CLA INS P1 P2 Lc [255 byte of data] Le */
You could send multiple -s commands and combine the results to get a longer chain.
opensc-tool could be modified to allocate buffers rather than using fixed size buffers on the stack. sc_bytes2apdu appears to handle extended APDU's.
On 8/5/2017 3:05 AM, seurat-atreides wrote:
Hi, I'm experimenting with an SC-HSM card from cardcontact.de and have managed to generate random numbers (max 265 byte) by sending APDUs to the card via opensc-tool: opensc-tool -s 00A4040C0be82b0601040181c31f020100 -s 00840000<Le> The last byte (Le) of the GET_CHALLENGE APDU determines the length of the random number chain. I haven't been able to generate more than 256 bytes (Le=00) because I can't figure out how to send an extended length Le. I know the card can handle up to 0xFFFF random number chains because I have used the test suite provided by cardcontact.de. I hope someone can explain to me how to use opensc-tool to send an extended length Le for the GET_CHALLENGE APDU.
--
Douglas E. Engert [email protected]
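The short and extended Le encodings discussed above, together with the split into several short GET_CHALLENGE commands, as an added example (not code from OpenSC or from anyone in this thread). The encoding follows ISO 7816-4; the function names and the 600-byte request size are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Encode GET CHALLENGE (00 84 00 00) requesting n random bytes.
 * Returns the APDU length written to out, or 0 on bad input. */
size_t get_challenge_apdu(size_t n, uint8_t *out, size_t outlen)
{
    if (n == 0 || n > 65536 || outlen < 7)
        return 0;
    out[0] = 0x00; out[1] = 0x84; out[2] = 0x00; out[3] = 0x00;
    if (n <= 256) {              /* short Le: one byte, 00 means 256 */
        out[4] = (uint8_t)(n & 0xFF);
        return 5;
    }
    out[4] = 0x00;               /* extended Le: 00 marker, then 2 bytes */
    out[5] = (uint8_t)((n >> 8) & 0xFF);  /* 00 00 means 65536 */
    out[6] = (uint8_t)(n & 0xFF);
    return 7;
}

/* Number of short-Le commands needed to collect total bytes. */
size_t short_apdus_needed(size_t total)
{
    return (total + 255) / 256;
}

/* Bytes requested by the i-th (0-based) short command; 0 if out of range. */
size_t chunk_len(size_t total, size_t i)
{
    size_t done = i * 256;
    if (done >= total)
        return 0;
    return (total - done > 256) ? 256 : total - done;
}

int main(void)
{
    size_t total = 600;          /* constructed sample request size */
    uint8_t apdu[7];
    for (size_t i = 0; i < short_apdus_needed(total); i++) {
        size_t len = get_challenge_apdu(chunk_len(total, i), apdu, sizeof apdu);
        printf("-s ");           /* one opensc-tool -s argument per chunk */
        for (size_t k = 0; k < len; k++)
            printf("%02x", apdu[k]);
        printf("\n");
    }
    return 0;
}
```

Each printed line is one `-s` argument; the SELECT command from the original post still has to come first on the opensc-tool command line.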
I'm running opensc-pkcs11 ver 0.15 under Ubuntu and --generate-random is not an option. Thanks for the explanation and suggestion.
It is in 0.17.0. Can you build and try 0.17.0? The engine code calls pkcs11. Testing opensc-pkcs11 would be the first step to getting engine to generate random numbers.