I have SmartCard-HSM with an RSA-2048 bit key and certificate which fails with pkcs11-tool (OpenSC version 0.21 & 0.22) and receive
PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) on OpenSC 0.21 & 0.22
but works perfectly fine with pkcs11-tool (OpenSC version 0.15)
################################################################
OUTPUT on OpenSC 0.21 & 0.22 on Debian 11
pkcs11-tool -l -t
Using slot 0 with a present token (0x0)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only for RSA)
testing key 0 (httpdcert)
error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.
################################################################
OUTPUT on OpenSC 0.15 on Windows Server 2019
C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs11-tool.exe -t -l
Using slot 1 with a present token (0x1)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN: 2022-01-20 12:34:47.201 cannot lock memory, sensitive data may be paged to disk
C_SeedRandom() and C_GenerateRandom():
seeding (C_SeedRandom) not supported
seems to be OK
Digests:
all 4 digest functions seem to work
MD5: OK
SHA-1: OK
RIPEMD160: OK
Signatures (currently only RSA signatures)
testing key 0 (httpdcert)
all 4 signature functions seem to work
testing signature mechanisms:
RSA-X-509: OK
RSA-PKCS: OK
SHA1-RSA-PKCS: OK
MD5-RSA-PKCS: OK
RIPEMD160-RSA-PKCS: OK
SHA256-RSA-PKCS: OK
Verify (currently only for RSA):
testing key 0 (httpdcert)
RSA-X-509: OK
RSA-PKCS: OK
SHA1-RSA-PKCS: OK
MD5-RSA-PKCS: OK
RIPEMD160-RSA-PKCS: OK
Unwrap: not implemented
Decryption (RSA)
testing key 0 (httpdcert)
RSA-X-509: OK
RSA-PKCS: OK
No errors
scottthomas007
commented
2 years ago
Bonjour Community & Support,
I have SmartCard-HSM with an RSA-2048 bit key and certificate which fails with pkcs11-tool (OpenSC version 0.21 & 0.22) and receive PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) on OpenSC 0.21 & 0.22
but works perfectly fine with pkcs11-tool (OpenSC version 0.15)
################################################################ OUTPUT on OpenSC 0.21 & 0.22 on Debian 11
pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "SmartCard-HSM (UserPIN)". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only for RSA) testing key 0 (httpdcert) error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) Aborting.
################################################################
################################################################ OUTPUT on OpenSC 0.15 on Windows Server 2019 C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs11-tool.exe -t -l Using slot 1 with a present token (0x1) Logging in to "SmartCard-HSM (UserPIN)". Please enter User PIN: 2022-01-20 12:34:47.201 cannot lock memory, sensitive data may be paged to disk C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only RSA signatures) testing key 0 (httpdcert) all 4 signature functions seem to work testing signature mechanisms: RSA-X-509: OK RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK SHA256-RSA-PKCS: OK Verify (currently only for RSA): testing key 0 (httpdcert) RSA-X-509: OK RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK Unwrap: not implemented Decryption (RSA) testing key 0 (httpdcert) RSA-X-509: OK RSA-PKCS: OK No errors
C:\Program Files (x86)\OpenSC Project\OpenSC\tools>