open-eid / libdigidocpp

Libdigidocpp library offers creating, signing and verification of digitally signed documents, according to XAdES and XML-DSIG standards. Documentation http://open-eid.github.io/libdigidocpp
Other
97 stars 47 forks source link

Can't sign documents #162

Closed m-kad closed 7 years ago

m-kad commented 7 years ago
digidoc-tool create --file=asd demo-container.bdoc
Version
  digidoc-tool version: 3.13.2.1355
  libdigidocpp version: 3.13.2.1355_ddoc
DEBUG [Connect.cpp:53] - Connecting to URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.sha2
DEBUG [Connect.cpp:75] - Connecting to Host: ec.europa.eu:443
DEBUG [Connect.cpp:53] - Connecting to URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
DEBUG [Connect.cpp:75] - Connecting to Host: ec.europa.eu:443
DEBUG [TSL.cpp:549] - Last modified: Tue, 17 Oct 2017 14:33:47 GMT
DEBUG [TSL.cpp:559] - Cached timestamp: Tue, 17 Oct 2017 14:33:47 GMT
DEBUG [TSL.cpp:246] - TSL tl-mp.xml signature is valid
DEBUG [Connect.cpp:53] - Connecting to URL: https://sr.riik.ee/tsl/estonian-tsl.sha2
DEBUG [Connect.cpp:75] - Connecting to Host: sr.riik.ee:443
DEBUG [TSL.cpp:246] - TSL EE.xml signature is valid
INFO [X509CertStore.cpp:84] - Loaded 42 certificates into TSL certificate store.
DEBUG [PKCS11Signer.cpp:138] - PKCS11Signer(driver = 'opensc-pkcs11.so')
DEBUG [PKCS11Signer.cpp:182] - PKCS11Signer::getCert()
Available certificates:
  label: XXXX,XXX,XXXXX
Selected:
  label: XXXX,XXX,XXXXX
DEBUG [PKCS11Signer.cpp:310] - sign(mehthod = http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256, digest = length=32)
Please enter PIN for token 'XXXX,XXX,XXXXX' or <enter> to cancel: 
DEBUG [PKCS11Signer.cpp:157] - ~PKCS11Signer()
Caught Exception:
ASiC_E.cpp:348 code(General) Failed to sign BDOC container.
PKCS11Signer.cpp:384 code(General) Failed to sign digest

In UI I get following error:

ASiC_E.cpp:348 Failed to sign BDOC container.
QSigner.cpp:448 Dokumendi allkirjastamine ebaõnnestus

Doesn't matter if I select BDOC or ASIC-E format

Seems like digest is missing for some reason

Using Arch linux, packages installed from AUR, there seems to be problem with Arch https://aur.archlinux.org/packages/qesteidutil/ Any help?

metsma commented 7 years ago

http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 Do you have updated opensc? You can find OpenSC EstEID ECDSA patch here https://github.com/OpenSC/OpenSC/commit/be35d3d026634ad7eaacf898c2935b3558ac612e

m-kad commented 7 years ago

Tnx, OpenSC upgrade fix the problem