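PIV smart card - GENERAL AUTHENTICATE - signing a nonce

Time: 2012-05-03 15:46:47

Tags: cryptography rsa smartcard fips nonce

I'm hoping someone can help me with the PIV smart card standard

I want to authenticate the smart card by signing a PKCS#1-padded nonce with the previously generated RSA 1024-bit modulus digital signature key 0x9C. Here is the output of my test application: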

Requesting Signature
Sending: 0087069C867C84820081800001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00CB441C4A656E071F1FB9F31BC6AB1824324FB42780
Error: (6A80) Incorrect parameters in command data

Here is the breakdown:

00 - Not chained (chaining not required because message does not exceed max length)
87 - GENERAL AUTHENTICATE
06 - RSA 1024 Algorithm
9C - Digital Signature Key
86 - Length of data field
  7C - Dynamic Authentication template identifier
  84 - Length of dynamic authentication template
    82 - Response
    00 - Response length 0 (Response requested)
    81 - Challenge
    80 - Challenge length 128
      0001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00CB441C4A656E071F1FB9F31BC6AB1824324FB427 - PKCS #1 padded 20-byte Nonce (Padded with OpenSSL RSA_padding_add_PKCS1_type_1)
80 - Expected response length (128 bytes)

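I have also run the tests with all of the different keys (all of which were generated successfully), and with both chained messages and single-part messages. See the test data

1 answer:

Answer 0 (score: 2)

My smart card has a buggy PIV card applet on it. It will not sign any data that begins with 0x00. If you change the 0x00 to anything else (as long as the data, as an integer, is less than the modulus as an integer, as the RSA algorithm requires), it signs successfully. So of course this means these cards cannot sign any standard PKCS#1-padded data :(

Thanks for your help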
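
Added example (not part of the original question or answer): a Python sketch of the PKCS #1 block type 1 padding used for the challenge, showing why every such block starts with 0x00 and is therefore below the modulus, plus the host-side check of the card's response. The function names are illustrative assumptions; the nonce is the one from the question.

```python
# Added example, not code from the original post; function names are illustrative.
NONCE = bytes.fromhex("CB441C4A656E071F1FB9F31BC6AB1824324FB427")  # nonce from the question

def pkcs1_type1_pad(data: bytes, k: int) -> bytes:
    """Block type 1 padding for a k-byte modulus: 00 01 FF..FF 00 || data."""
    ps_len = k - 3 - len(data)
    if ps_len < 8:  # PKCS #1 requires at least 8 bytes of 0xFF
        raise ValueError("data too long for this modulus")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + data

def pkcs1_type1_unpad(block: bytes, k: int) -> bytes:
    """Strict parse of a type 1 block; any deviation raises ValueError."""
    if len(block) != k or block[:2] != b"\x00\x01":
        raise ValueError("bad header")
    sep = block.find(b"\x00", 2)  # first 0x00 after the header ends the padding
    if sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding string")
    return block[sep + 1:]

def below_any_modulus(block: bytes) -> bool:
    """True if the block, as an integer, is below every len(block)-byte modulus."""
    return int.from_bytes(block, "big") < 1 << (8 * (len(block) - 1))

def verify_card_signature(sig: bytes, e: int, n: int, nonce: bytes) -> bool:
    """Host side: apply the card's public key and compare with the nonce sent."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    try:
        return pkcs1_type1_unpad(recovered, k) == nonce
    except ValueError:
        return False

if __name__ == "__main__":
    block = pkcs1_type1_pad(NONCE, 128)  # 128-byte challenge for RSA 1024
    print(block.hex().upper())
    print("first byte:", hex(block[0]), "below modulus:", below_any_modulus(block))
```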