Fails to sign with 4096 bit RSA #80

New Issue

Open

opened 2025-03-04 05:56:48 +08:00 by daniel-starke · 21 comments

daniel-starke commented 2025-03-04 05:56:48 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

I am using a Xiao RP2350 with PicoHSM FW 5.4 as provided in the release notes here.
I am executing the following commands on Windows using OpenSC 0.26.1:
pkcs11-tool -l --pin <mypin> --keypairgen --key-type rsa:4096 --id 1 --label 001
openssl req -x509 -new -nodes -engine pkcs11 -key 31 -keyform engine -out 001.crt -days 9125 -config openssl.cnf -subj "%SUBJ%" -reqexts ca_ext

This, however, fails after sending the APDU for signing:

P:8052; T:2440 2025-03-03 22:28:52.364 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 140. Now computing signature for 51 bytes. 512 bytes reserved.
P:8052; T:2440 2025-03-03 22:28:52.368 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called
P:8052; T:2440 2025-03-03 22:28:52.371 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E
P:8052; T:2440 2025-03-03 22:28:52.375 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called
P:8052; T:2440 2025-03-03 22:28:52.377 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x140, card capabilities 0x80E0E211
P:8052; T:2440 2025-03-03 22:28:52.380 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x140, secure algorithm flags 0x1
P:8052; T:2440 2025-03-03 22:28:52.384 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.387 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000140 alg_info->flags:0x80e0e211 pad:0x00000140 sec:0x00000001
P:8052; T:2440 2025-03-03 22:28:52.391 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called
P:8052; T:2440 2025-03-03 22:28:52.393 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x100, pad algorithm 0x40
P:8052; T:2440 2025-03-03 22:28:52.396 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.399 [opensc-pkcs11] card.c:471:sc_lock: called
P:8052; T:2440 2025-03-03 22:28:52.401 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.404 [opensc-pkcs11] sec.c:108:sc_set_security_env: called
P:8052; T:2440 2025-03-03 22:28:52.406 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.409 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.412 [opensc-pkcs11] sec.c:62:sc_compute_signature: called
P:8052; T:2440 2025-03-03 22:28:52.415 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:8052; T:2440 2025-03-03 22:28:52.417 [opensc-pkcs11] card.c:471:sc_lock: called
P:8052; T:2440 2025-03-03 22:28:52.419 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.422 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:8052; T:2440 2025-03-03 22:28:52.424 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:8052; T:2440 2025-03-03 22:28:52.426 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000330000
P:8052; T:2440 2025-03-03 22:28:52.430 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:8052; T:2440 2025-03-03 22:28:52.433 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit:
Outgoing APDU (521 bytes):
80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 ....010...`.H.e.
04 02 01 05 00 04 20 D7 D4 B4 55 0B 3D 08 E7 CA ...... ...U.=...
0E E4 50 97 50 52 15 0B 5D 9E 00 A3 7C 91 DC 27 ..P.PR..]...|..'
EA 0A 84 7C 33 22 C8 02 00                      ...|3"...

P:8052; T:2440 2025-03-03 22:28:52.479 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:8052; T:2440 2025-03-03 22:28:55.666 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:8052; T:2440 2025-03-03 22:28:55.670 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.674 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.677 [opensc-pkcs11] card.c:523:sc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.679 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.683 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.687 [opensc-pkcs11] card.c:523:sc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.689 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.692 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.698 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.702 [opensc-pkcs11] card.c:523:sc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.704 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.707 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213.
P:8052; T:2440 2025-03-03 22:28:55.710 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.714 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5
P:8052; T:2440 2025-03-03 22:28:55.716 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5
P:8052; T:2440 2025-03-03 22:28:55.719 [opensc-pkcs11] pkcs11-object.c:745:C_Sign: C_Sign() = CKR_GENERAL_ERROR

In Wireshark I can see two things I would expect different (without checking the actual specification):

21:39:22.514397 USB CCID
    Message Type: RDR_to_PC_DataBlock (0x80)
    Packet Length: 0
    Slot: 0
    Sequence: 170
    Status: 128, Status: An ICC is present and active, Status: Time Extension is requested 
    Error: 0
    Chain Parameter: 0

21:39:24.015537	USB CCID
    Message Type: RDR_to_PC_DataBlock (0x80)
    Packet Length: 0
    Slot: 0
    Sequence: 170
    Status: 128, Status: An ICC is present and active, Status: Time Extension is requested 
    Error: 0
    Chain Parameter: 0

21:39:24.193537 USB CCID
    Message Type: RDR_to_PC_DataBlock (0x80)
    Packet Length: 514
    Slot: 0
    Sequence: 170
    Status: 0, Status: An ICC is present and active, Status: Processed without error 
    Error: 0
    Chain Parameter: 0

21:39:24.193537 USB CCID
    Message Type: Unknown (0xbd)

First: The sequence number stays the same. Is that correct?
Second: There is some unknown message type from Pico HSM to PC. What means 0xBD? I can see a lot of 0x55 in other parts, but that does not seems to be an issue.

I am using a Xiao RP2350 with PicoHSM FW 5.4 as provided in the release notes here. I am executing the following commands on Windows using OpenSC 0.26.1: `pkcs11-tool -l --pin <mypin> --keypairgen --key-type rsa:4096 --id 1 --label 001` `openssl req -x509 -new -nodes -engine pkcs11 -key 31 -keyform engine -out 001.crt -days 9125 -config openssl.cnf -subj "%SUBJ%" -reqexts ca_ext` This, however, fails after sending the APDU for signing: ``` P:8052; T:2440 2025-03-03 22:28:52.364 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 140. Now computing signature for 51 bytes. 512 bytes reserved. P:8052; T:2440 2025-03-03 22:28:52.368 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called P:8052; T:2440 2025-03-03 22:28:52.371 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E P:8052; T:2440 2025-03-03 22:28:52.375 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called P:8052; T:2440 2025-03-03 22:28:52.377 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x140, card capabilities 0x80E0E211 P:8052; T:2440 2025-03-03 22:28:52.380 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x140, secure algorithm flags 0x1 P:8052; T:2440 2025-03-03 22:28:52.384 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success) P:8052; T:2440 2025-03-03 22:28:52.387 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000140 alg_info->flags:0x80e0e211 pad:0x00000140 sec:0x00000001 P:8052; T:2440 2025-03-03 22:28:52.391 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called P:8052; T:2440 2025-03-03 22:28:52.393 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x100, pad algorithm 0x40 P:8052; T:2440 2025-03-03 22:28:52.396 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success) P:8052; T:2440 2025-03-03 22:28:52.399 [opensc-pkcs11] card.c:471:sc_lock: called P:8052; T:2440 2025-03-03 22:28:52.401 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:8052; T:2440 2025-03-03 22:28:52.404 [opensc-pkcs11] sec.c:108:sc_set_security_env: called P:8052; T:2440 2025-03-03 22:28:52.406 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success) P:8052; T:2440 2025-03-03 22:28:52.409 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success) P:8052; T:2440 2025-03-03 22:28:52.412 [opensc-pkcs11] sec.c:62:sc_compute_signature: called P:8052; T:2440 2025-03-03 22:28:52.415 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called P:8052; T:2440 2025-03-03 22:28:52.417 [opensc-pkcs11] card.c:471:sc_lock: called P:8052; T:2440 2025-03-03 22:28:52.419 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:8052; T:2440 2025-03-03 22:28:52.422 [opensc-pkcs11] apdu.c:515:sc_transmit: called P:8052; T:2440 2025-03-03 22:28:52.424 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called P:8052; T:2440 2025-03-03 22:28:52.426 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000330000 P:8052; T:2440 2025-03-03 22:28:52.430 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0' P:8052; T:2440 2025-03-03 22:28:52.433 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: Outgoing APDU (521 bytes): 80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 ....010...`.H.e. 04 02 01 05 00 04 20 D7 D4 B4 55 0B 3D 08 E7 CA ...... ...U.=... 0E E4 50 97 50 52 15 0B 5D 9E 00 A3 7C 91 DC 27 ..P.PR..]...|..' EA 0A 84 7C 33 22 C8 02 00 ...|3"... P:8052; T:2440 2025-03-03 22:28:52.479 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called P:8052; T:2440 2025-03-03 22:28:55.666 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit P:8052; T:2440 2025-03-03 22:28:55.670 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.674 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.677 [opensc-pkcs11] card.c:523:sc_unlock: called P:8052; T:2440 2025-03-03 22:28:55.679 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.683 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.687 [opensc-pkcs11] card.c:523:sc_unlock: called P:8052; T:2440 2025-03-03 22:28:55.689 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.692 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.698 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.702 [opensc-pkcs11] card.c:523:sc_unlock: called P:8052; T:2440 2025-03-03 22:28:55.704 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called P:8052; T:2440 2025-03-03 22:28:55.707 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213. P:8052; T:2440 2025-03-03 22:28:55.710 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card) P:8052; T:2440 2025-03-03 22:28:55.714 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5 P:8052; T:2440 2025-03-03 22:28:55.716 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5 P:8052; T:2440 2025-03-03 22:28:55.719 [opensc-pkcs11] pkcs11-object.c:745:C_Sign: C_Sign() = CKR_GENERAL_ERROR ``` In Wireshark I can see two things I would expect different (without checking the actual specification): ``` 21:39:22.514397 USB CCID Message Type: RDR_to_PC_DataBlock (0x80) Packet Length: 0 Slot: 0 Sequence: 170 Status: 128, Status: An ICC is present and active, Status: Time Extension is requested Error: 0 Chain Parameter: 0 21:39:24.015537 USB CCID Message Type: RDR_to_PC_DataBlock (0x80) Packet Length: 0 Slot: 0 Sequence: 170 Status: 128, Status: An ICC is present and active, Status: Time Extension is requested Error: 0 Chain Parameter: 0 21:39:24.193537 USB CCID Message Type: RDR_to_PC_DataBlock (0x80) Packet Length: 514 Slot: 0 Sequence: 170 Status: 0, Status: An ICC is present and active, Status: Processed without error Error: 0 Chain Parameter: 0 21:39:24.193537 USB CCID Message Type: Unknown (0xbd) ``` First: The sequence number stays the same. Is that correct? Second: There is some unknown message type from Pico HSM to PC. What means 0xBD? I can see a lot of 0x55 in other parts, but that does not seems to be an issue.

polhenarejos commented 2025-03-04 06:10:57 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Can you try with a shorter key like 1024?

Can you try with a shorter key like 1024?

daniel-starke commented 2025-03-05 01:30:08 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

1024: OK
2048: OK
3072: FAIL
4096: FAIL

1024: OK 2048: OK 3072: FAIL 4096: FAIL

daniel-starke commented 2025-03-11 03:13:10 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Is there anything else I can do to assist you with the bug fix?

Is there anything else I can do to assist you with the bug fix?

polhenarejos commented 2025-03-11 04:11:45 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

I’ll debug myself. For curiosity, are you generating the 4k key in the device or it’s imported? How nuch time does it take?

I’ll debug myself. For curiosity, are you generating the 4k key in the device or it’s imported? How nuch time does it take?

daniel-starke commented 2025-03-11 04:18:24 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

I got the 4096 bit key generated from within the device. I am not sure how long that takes. It starts and fails similar to the signing process. However, the result is not important at the USB interface so I can check after a while for the correctly generated key. I suspect that the keep-alive USB function has some issue. I.e. any USB operation taking longer than 1.5s? fails. Fortunately, the key generation does continue in the background :)

I got the 4096 bit key generated from within the device. I am not sure how long that takes. It starts and fails similar to the signing process. However, the result is not important at the USB interface so I can check after a while for the correctly generated key. I suspect that the keep-alive USB function has some issue. I.e. any USB operation taking longer than 1.5s? fails. Fortunately, the key generation does continue in the background :)

polhenarejos commented 2025-03-11 22:10:14 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Try this snippet and report the result:

echo "This is a test string. Be safe, be secure." > data
pkcs11-tool --read-object --pin 648219 --id 1 --type pubkey > 1.der
openssl rsa -inform DER -outform PEM -in 1.der -pubin > 1.pub
openssl dgst -sha1 -binary -out data.sha1 data
pkcs11-tool --id 1 --sign --pin 648219 --mechanism SHA1-RSA-PKCS -i data -o data.sig
openssl pkeyutl -verify -in data.sha1 -sigfile data.sig -pubin -inkey 1.pub -pkeyopt digest:sha1

Try this snippet and report the result: ``` echo "This is a test string. Be safe, be secure." > data pkcs11-tool --read-object --pin 648219 --id 1 --type pubkey > 1.der openssl rsa -inform DER -outform PEM -in 1.der -pubin > 1.pub openssl dgst -sha1 -binary -out data.sha1 data pkcs11-tool --id 1 --sign --pin 648219 --mechanism SHA1-RSA-PKCS -i data -o data.sig openssl pkeyutl -verify -in data.sha1 -sigfile data.sig -pubin -inkey 1.pub -pkeyopt digest:sha1 ```

daniel-starke commented 2025-03-12 02:01:28 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

> pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:1024 --id 3 --label test
Using slot 0 with a present token (0x0)
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.
> pkcs11-tool --read-object --pin 0815 --id 33 --type pubkey > 1.der
Using slot 0 with a present token (0x0)
> openssl rsa -inform DER -outform PEM -in 1.der -pubin > 1.pub
writing RSA key
> openssl dgst -sha1 -binary -out data.sha1 data
> pkcs11-tool --id 33 --sign --pin 0815 --mechanism SHA1-RSA-PKCS -i data -o data.sig
Using slot 0 with a present token (0x0)
Using signature algorithm SHA1-RSA-PKCS
> openssl pkeyutl -verify -in data.sha1 -sigfile data.sig -pubin -inkey 1.pub -pkeyopt digest:sha1
Signature Verified Successfully

test.zip

``` > pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:1024 --id 3 --label test Using slot 0 with a present token (0x0) error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. > pkcs11-tool --read-object --pin 0815 --id 33 --type pubkey > 1.der Using slot 0 with a present token (0x0) > openssl rsa -inform DER -outform PEM -in 1.der -pubin > 1.pub writing RSA key > openssl dgst -sha1 -binary -out data.sha1 data > pkcs11-tool --id 33 --sign --pin 0815 --mechanism SHA1-RSA-PKCS -i data -o data.sig Using slot 0 with a present token (0x0) Using signature algorithm SHA1-RSA-PKCS > openssl pkeyutl -verify -in data.sha1 -sigfile data.sig -pubin -inkey 1.pub -pkeyopt digest:sha1 Signature Verified Successfully ``` [test.zip](https://github.com/user-attachments/files/19195771/test.zip)

polhenarejos commented 2025-03-12 02:05:10 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Is the key 33 a rsa 4096?

Is the key 33 a rsa 4096?

daniel-starke commented 2025-03-12 02:14:29 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

No, 1024 because 4096 fails.
Btw, I am not sure why but keypairgen id 3 is turned into id 33.

No, 1024 because 4096 fails. Btw, I am not sure why but keypairgen id 3 is turned into id 33.

polhenarejos commented 2025-03-12 06:51:08 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

So you tried the snippet with a rsa 4096 and failed, right? In which step? Which error?

So you tried the snippet with a rsa 4096 and failed, right? In which step? Which error?

daniel-starke commented 2025-03-13 01:18:11 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

If you ask me that way... key generation fails for every RSA key size:

P:1388; T:8160 2025-03-12 18:08:00.295 [opensc-pkcs11] pkcs15-sc-hsm.c:116:sc_hsm_create_key: called
P:1388; T:8160 2025-03-12 18:08:00.298 [opensc-pkcs11] pkcs15-sc-hsm.c:117:sc_hsm_create_key: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.301 [opensc-pkcs11] pkcs15-sc-hsm.c:260:sc_hsm_generate_key: called
P:1388; T:8160 2025-03-12 18:08:00.303 [opensc-pkcs11] pkcs15-sc-hsm.c:137:sc_hsm_determine_free_id: called
P:1388; T:8160 2025-03-12 18:08:00.306 [opensc-pkcs11] card.c:559:sc_list_files: called
P:1388; T:8160 2025-03-12 18:08:00.309 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:1388; T:8160 2025-03-12 18:08:00.311 [opensc-pkcs11] card.c:471:sc_lock: called
P:1388; T:8160 2025-03-12 18:08:00.314 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.316 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.319 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.321 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:58, P1:0, P2:0, data(0) 0000000000000000
P:1388; T:8160 2025-03-12 18:08:00.325 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:1388; T:8160 2025-03-12 18:08:00.328 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit:
Outgoing APDU (7 bytes):
80 58 00 00 00 00 00 .X.....

P:1388; T:8160 2025-03-12 18:08:00.332 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.336 [opensc-pkcs11] reader-pcsc.c:337:pcsc_transmit:
Incoming APDU (14 bytes):
C4 00 CC 00 CC 01 CC 02 C4 01 C4 02 90 00 ..............

P:1388; T:8160 2025-03-12 18:08:00.341 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.344 [opensc-pkcs11] apdu.c:539:sc_transmit: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.347 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1388; T:8160 2025-03-12 18:08:00.349 [opensc-pkcs11] card-sc-hsm.c:961:sc_hsm_list_files: returning with: 12
P:1388; T:8160 2025-03-12 18:08:00.352 [opensc-pkcs11] card.c:565:sc_list_files: returning with: 12
P:1388; T:8160 2025-03-12 18:08:00.355 [opensc-pkcs11] pkcs15-sc-hsm.c:149:sc_hsm_determine_free_id: returning with: 3
P:1388; T:8160 2025-03-12 18:08:00.357 [opensc-pkcs11] pkcs15-sc-hsm.c:160:sc_hsm_encode_gakp_rsa: called
P:1388; T:8160 2025-03-12 18:08:00.360 [opensc-pkcs11] pkcs15-sc-hsm.c:172:sc_hsm_encode_gakp_rsa: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.363 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'certificate'
P:1388; T:8160 2025-03-12 18:08:00.367 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=129, tag=0x60001f21, parm=000000000030d110, len=0
P:1388; T:8160 2025-03-12 18:08:00.370 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:  encoding 'certificateBody'
P:1388; T:8160 2025-03-12 18:08:00.374 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:  type=129, tag=0x60001f4e, parm=000000000030d190, len=0
P:1388; T:8160 2025-03-12 18:08:00.378 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'certificateProfileIdentifier'
P:1388; T:8160 2025-03-12 18:08:00.381 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=2, tag=0x40001f29, parm=000000000030d510, len=0
P:1388; T:8160 2025-03-12 18:08:00.385 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=4
P:1388; T:8160 2025-03-12 18:08:00.388 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'certificationAuthorityReference'
P:1388; T:8160 2025-03-12 18:08:00.391 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=19, tag=0x40000002, parm=000000000030d514, len=9
P:1388; T:8160 2025-03-12 18:08:00.395 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=11
P:1388; T:8160 2025-03-12 18:08:00.398 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'publicKey'
P:1388; T:8160 2025-03-12 18:08:00.401 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=129, tag=0x60001f49, parm=000000000030d260, len=0
P:1388; T:8160 2025-03-12 18:08:00.405 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'publicKeyOID'
P:1388; T:8160 2025-03-12 18:08:00.408 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:    type=6, tag=0x06, parm=000000000030d530, len=0
P:1388; T:8160 2025-03-12 18:08:00.411 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=12
P:1388; T:8160 2025-03-12 18:08:00.414 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'primeOrModulus' (not present)
P:1388; T:8160 2025-03-12 18:08:00.417 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.420 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'coefficientAorExponent'
P:1388; T:8160 2025-03-12 18:08:00.423 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:    type=4, tag=0x80000002, parm=0000000001ea70a0, len=3
P:1388; T:8160 2025-03-12 18:08:00.427 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=5
P:1388; T:8160 2025-03-12 18:08:00.430 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'coefficientB' (not present)
P:1388; T:8160 2025-03-12 18:08:00.433 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.437 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'basePointG' (not present)
P:1388; T:8160 2025-03-12 18:08:00.440 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.443 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'order' (not present)
P:1388; T:8160 2025-03-12 18:08:00.446 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.449 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'publicPoint' (not present)
P:1388; T:8160 2025-03-12 18:08:00.452 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.455 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'cofactor' (not present)
P:1388; T:8160 2025-03-12 18:08:00.459 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.462 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'modulusSize'
P:1388; T:8160 2025-03-12 18:08:00.465 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:    type=2, tag=0x02, parm=000000000030d5e0, len=0
P:1388; T:8160 2025-03-12 18:08:00.469 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=4
P:1388; T:8160 2025-03-12 18:08:00.472 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=24
P:1388; T:8160 2025-03-12 18:08:00.475 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'certificateHolderReference'
P:1388; T:8160 2025-03-12 18:08:00.478 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=19, tag=0x40001f20, parm=000000000030d5e4, len=16
P:1388; T:8160 2025-03-12 18:08:00.481 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=19
P:1388; T:8160 2025-03-12 18:08:00.485 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:  length of encoded item=61
P:1388; T:8160 2025-03-12 18:08:00.488 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:  encoding 'signature' (not present)
P:1388; T:8160 2025-03-12 18:08:00.491 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:  length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.494 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=64
P:1388; T:8160 2025-03-12 18:08:00.497 [opensc-pkcs11] pkcs15-sc-hsm.c:816:sc_pkcs15emu_sc_hsm_encode_cvc: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.501 [opensc-pkcs11] card.c:1119:sc_card_ctl: called with cmd=1396918273
P:1388; T:8160 2025-03-12 18:08:00.504 [opensc-pkcs11] card-sc-hsm.c:1722:sc_hsm_generate_keypair: called
P:1388; T:8160 2025-03-12 18:08:00.507 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:1388; T:8160 2025-03-12 18:08:00.510 [opensc-pkcs11] card.c:471:sc_lock: called
P:1388; T:8160 2025-03-12 18:08:00.512 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.514 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.517 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.519 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:0, INS:46, P1:3, P2:0, data(58) 00000000004e11a6
P:1388; T:8160 2025-03-12 18:08:00.523 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:1388; T:8160 2025-03-12 18:08:00.527 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit:
Outgoing APDU (67 bytes):
00 46 03 00 00 00 3A 5F 29 01 00 42 09 55 54 43 .F....:_)..B.UTC
41 30 30 30 30 31 7F 49 15 06 0A 04 00 7F 00 07 A00001.I........
02 02 02 01 02 82 03 01 00 01 02 02 04 00 5F 20 .............._
10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 .ESPICOHSMTR0000
31 00 00                                        1..

P:1388; T:8160 2025-03-12 18:08:00.537 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:1388; T:8160 2025-03-12 18:08:04.324 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:1388; T:8160 2025-03-12 18:08:04.327 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.332 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.336 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1388; T:8160 2025-03-12 18:08:04.338 [opensc-pkcs11] card-sc-hsm.c:1735:sc_hsm_generate_keypair: APDU transmit failed: -1213 (Unknown data receivedfrom card)
P:1388; T:8160 2025-03-12 18:08:04.342 [opensc-pkcs11] card.c:1129:sc_card_ctl: returning with: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.346 [opensc-pkcs11] pkcs15-sc-hsm.c:338:sc_hsm_generate_key: returning with: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.350 [opensc-pkcs11] pkcs15-lib.c:1618:sc_pkcs15init_generate_key: Failed to generate key: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.355 [opensc-pkcs11] pkcs15-lib.c:1681:sc_pkcs15init_generate_key: returning with: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.359 [opensc-pkcs11] framework-pkcs15.c:3493:pkcs15_gen_keypair: sc_pkcs15init_generate_key returned -1213
P:1388; T:8160 2025-03-12 18:08:04.363 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.366 [opensc-pkcs11] pkcs15-lib.c:435:sc_pkcs15init_unbind: called
P:1388; T:8160 2025-03-12 18:08:04.369 [opensc-pkcs11] pkcs15-lib.c:436:sc_pkcs15init_unbind: Pksc15init Unbind: 0:0000000000552540:1
P:1388; T:8160 2025-03-12 18:08:04.373 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1388; T:8160 2025-03-12 18:08:04.375 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:1388; T:8160 2025-03-12 18:08:04.378 [opensc-pkcs11] pkcs11-global.c:415:C_Finalize: C_Finalize()
P:1388; T:8160 2025-03-12 18:08:04.381 [opensc-pkcs11] ctx.c:1042:sc_cancel: called
P:1388; T:8160 2025-03-12 18:08:04.383 [opensc-pkcs11] reader-pcsc.c:784:pcsc_cancel: called
P:1388; T:8160 2025-03-12 18:08:04.385 [opensc-pkcs11] slot.c:191:card_removed: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0: card removed
P:1388; T:8160 2025-03-12 18:08:04.389 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x0)
P:1388; T:8160 2025-03-12 18:08:04.393 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 1
P:1388; T:8160 2025-03-12 18:08:04.396 [opensc-pkcs11] pkcs11-session.c:109:sc_pkcs11_close_session: real C_CloseSession(0x4dad70)
P:1388; T:8160 2025-03-12 18:08:04.399 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:1388; T:8160 2025-03-12 18:08:04.402 [opensc-pkcs11] framework-pkcs15.c:2000:pkcs15_logout: Clearing PIN state without calling sc_logout()
P:1388; T:8160 2025-03-12 18:08:04.406 [opensc-pkcs11] framework-pkcs15.c:1778:pkcs15_release_token: pkcs15_release_token() not implemented
P:1388; T:8160 2025-03-12 18:08:04.409 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x1)
P:1388; T:8160 2025-03-12 18:08:04.413 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
P:1388; T:8160 2025-03-12 18:08:04.417 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x2)
P:1388; T:8160 2025-03-12 18:08:04.420 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
P:1388; T:8160 2025-03-12 18:08:04.423 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x3)
P:1388; T:8160 2025-03-12 18:08:04.426 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
P:1388; T:8160 2025-03-12 18:08:04.430 [opensc-pkcs11] pkcs15.c:1387:sc_pkcs15_unbind: called
P:1388; T:8160 2025-03-12 18:08:04.432 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:1388; T:8160 2025-03-12 18:08:04.435 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:04.438 [opensc-pkcs11] card.c:414:sc_disconnect_card: called
P:1388; T:8160 2025-03-12 18:08:04.441 [opensc-pkcs11] reader-pcsc.c:677:pcsc_disconnect: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0:SCardDisconnect returned: 0x00000000
P:1388; T:8160 2025-03-12 18:08:04.445 [opensc-pkcs11] card.c:434:sc_disconnect_card: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:04.448 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:1388; T:8160 2025-03-12 18:08:04.451 [opensc-pkcs11] reader-pcsc.c:971:pcsc_finish: called
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.

Same each (example above for 1024 bit):

• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:1024 --id 3 --label test
• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:2048 --id 3 --label test
• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:3072 --id 3 --label test
• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:4096 --id 3 --label test

However, it completes in the background after a while. But usually, the device needs to be plugged again after that to work correctly.

If you ask me that way... key generation fails for every RSA key size: ``` P:1388; T:8160 2025-03-12 18:08:00.295 [opensc-pkcs11] pkcs15-sc-hsm.c:116:sc_hsm_create_key: called P:1388; T:8160 2025-03-12 18:08:00.298 [opensc-pkcs11] pkcs15-sc-hsm.c:117:sc_hsm_create_key: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:00.301 [opensc-pkcs11] pkcs15-sc-hsm.c:260:sc_hsm_generate_key: called P:1388; T:8160 2025-03-12 18:08:00.303 [opensc-pkcs11] pkcs15-sc-hsm.c:137:sc_hsm_determine_free_id: called P:1388; T:8160 2025-03-12 18:08:00.306 [opensc-pkcs11] card.c:559:sc_list_files: called P:1388; T:8160 2025-03-12 18:08:00.309 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called P:1388; T:8160 2025-03-12 18:08:00.311 [opensc-pkcs11] card.c:471:sc_lock: called P:1388; T:8160 2025-03-12 18:08:00.314 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:00.316 [opensc-pkcs11] apdu.c:515:sc_transmit: called P:1388; T:8160 2025-03-12 18:08:00.319 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called P:1388; T:8160 2025-03-12 18:08:00.321 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:58, P1:0, P2:0, data(0) 0000000000000000 P:1388; T:8160 2025-03-12 18:08:00.325 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0' P:1388; T:8160 2025-03-12 18:08:00.328 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: Outgoing APDU (7 bytes): 80 58 00 00 00 00 00 .X..... P:1388; T:8160 2025-03-12 18:08:00.332 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called P:1388; T:8160 2025-03-12 18:08:00.336 [opensc-pkcs11] reader-pcsc.c:337:pcsc_transmit: Incoming APDU (14 bytes): C4 00 CC 00 CC 01 CC 02 C4 01 C4 02 90 00 .............. P:1388; T:8160 2025-03-12 18:08:00.341 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:00.344 [opensc-pkcs11] apdu.c:539:sc_transmit: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:00.347 [opensc-pkcs11] card.c:523:sc_unlock: called P:1388; T:8160 2025-03-12 18:08:00.349 [opensc-pkcs11] card-sc-hsm.c:961:sc_hsm_list_files: returning with: 12 P:1388; T:8160 2025-03-12 18:08:00.352 [opensc-pkcs11] card.c:565:sc_list_files: returning with: 12 P:1388; T:8160 2025-03-12 18:08:00.355 [opensc-pkcs11] pkcs15-sc-hsm.c:149:sc_hsm_determine_free_id: returning with: 3 P:1388; T:8160 2025-03-12 18:08:00.357 [opensc-pkcs11] pkcs15-sc-hsm.c:160:sc_hsm_encode_gakp_rsa: called P:1388; T:8160 2025-03-12 18:08:00.360 [opensc-pkcs11] pkcs15-sc-hsm.c:172:sc_hsm_encode_gakp_rsa: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:00.363 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'certificate' P:1388; T:8160 2025-03-12 18:08:00.367 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=129, tag=0x60001f21, parm=000000000030d110, len=0 P:1388; T:8160 2025-03-12 18:08:00.370 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'certificateBody' P:1388; T:8160 2025-03-12 18:08:00.374 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=129, tag=0x60001f4e, parm=000000000030d190, len=0 P:1388; T:8160 2025-03-12 18:08:00.378 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'certificateProfileIdentifier' P:1388; T:8160 2025-03-12 18:08:00.381 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=2, tag=0x40001f29, parm=000000000030d510, len=0 P:1388; T:8160 2025-03-12 18:08:00.385 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=4 P:1388; T:8160 2025-03-12 18:08:00.388 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'certificationAuthorityReference' P:1388; T:8160 2025-03-12 18:08:00.391 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=19, tag=0x40000002, parm=000000000030d514, len=9 P:1388; T:8160 2025-03-12 18:08:00.395 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=11 P:1388; T:8160 2025-03-12 18:08:00.398 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'publicKey' P:1388; T:8160 2025-03-12 18:08:00.401 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=129, tag=0x60001f49, parm=000000000030d260, len=0 P:1388; T:8160 2025-03-12 18:08:00.405 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'publicKeyOID' P:1388; T:8160 2025-03-12 18:08:00.408 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=6, tag=0x06, parm=000000000030d530, len=0 P:1388; T:8160 2025-03-12 18:08:00.411 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=12 P:1388; T:8160 2025-03-12 18:08:00.414 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'primeOrModulus' (not present) P:1388; T:8160 2025-03-12 18:08:00.417 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=0 P:1388; T:8160 2025-03-12 18:08:00.420 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'coefficientAorExponent' P:1388; T:8160 2025-03-12 18:08:00.423 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=4, tag=0x80000002, parm=0000000001ea70a0, len=3 P:1388; T:8160 2025-03-12 18:08:00.427 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=5 P:1388; T:8160 2025-03-12 18:08:00.430 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'coefficientB' (not present) P:1388; T:8160 2025-03-12 18:08:00.433 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=0 P:1388; T:8160 2025-03-12 18:08:00.437 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'basePointG' (not present) P:1388; T:8160 2025-03-12 18:08:00.440 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=0 P:1388; T:8160 2025-03-12 18:08:00.443 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'order' (not present) P:1388; T:8160 2025-03-12 18:08:00.446 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=0 P:1388; T:8160 2025-03-12 18:08:00.449 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'publicPoint' (not present) P:1388; T:8160 2025-03-12 18:08:00.452 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=0 P:1388; T:8160 2025-03-12 18:08:00.455 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'cofactor' (not present) P:1388; T:8160 2025-03-12 18:08:00.459 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=0 P:1388; T:8160 2025-03-12 18:08:00.462 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'modulusSize' P:1388; T:8160 2025-03-12 18:08:00.465 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=2, tag=0x02, parm=000000000030d5e0, len=0 P:1388; T:8160 2025-03-12 18:08:00.469 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=4 P:1388; T:8160 2025-03-12 18:08:00.472 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=24 P:1388; T:8160 2025-03-12 18:08:00.475 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'certificateHolderReference' P:1388; T:8160 2025-03-12 18:08:00.478 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=19, tag=0x40001f20, parm=000000000030d5e4, len=16 P:1388; T:8160 2025-03-12 18:08:00.481 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=19 P:1388; T:8160 2025-03-12 18:08:00.485 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=61 P:1388; T:8160 2025-03-12 18:08:00.488 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'signature' (not present) P:1388; T:8160 2025-03-12 18:08:00.491 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=0 P:1388; T:8160 2025-03-12 18:08:00.494 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=64 P:1388; T:8160 2025-03-12 18:08:00.497 [opensc-pkcs11] pkcs15-sc-hsm.c:816:sc_pkcs15emu_sc_hsm_encode_cvc: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:00.501 [opensc-pkcs11] card.c:1119:sc_card_ctl: called with cmd=1396918273 P:1388; T:8160 2025-03-12 18:08:00.504 [opensc-pkcs11] card-sc-hsm.c:1722:sc_hsm_generate_keypair: called P:1388; T:8160 2025-03-12 18:08:00.507 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called P:1388; T:8160 2025-03-12 18:08:00.510 [opensc-pkcs11] card.c:471:sc_lock: called P:1388; T:8160 2025-03-12 18:08:00.512 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:00.514 [opensc-pkcs11] apdu.c:515:sc_transmit: called P:1388; T:8160 2025-03-12 18:08:00.517 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called P:1388; T:8160 2025-03-12 18:08:00.519 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:0, INS:46, P1:3, P2:0, data(58) 00000000004e11a6 P:1388; T:8160 2025-03-12 18:08:00.523 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0' P:1388; T:8160 2025-03-12 18:08:00.527 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: Outgoing APDU (67 bytes): 00 46 03 00 00 00 3A 5F 29 01 00 42 09 55 54 43 .F....:_)..B.UTC 41 30 30 30 30 31 7F 49 15 06 0A 04 00 7F 00 07 A00001.I........ 02 02 02 01 02 82 03 01 00 01 02 02 04 00 5F 20 .............._ 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 .ESPICOHSMTR0000 31 00 00 1.. P:1388; T:8160 2025-03-12 18:08:00.537 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called P:1388; T:8160 2025-03-12 18:08:04.324 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit P:1388; T:8160 2025-03-12 18:08:04.327 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card) P:1388; T:8160 2025-03-12 18:08:04.332 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card) P:1388; T:8160 2025-03-12 18:08:04.336 [opensc-pkcs11] card.c:523:sc_unlock: called P:1388; T:8160 2025-03-12 18:08:04.338 [opensc-pkcs11] card-sc-hsm.c:1735:sc_hsm_generate_keypair: APDU transmit failed: -1213 (Unknown data receivedfrom card) P:1388; T:8160 2025-03-12 18:08:04.342 [opensc-pkcs11] card.c:1129:sc_card_ctl: returning with: -1213 (Unknown data received from card) P:1388; T:8160 2025-03-12 18:08:04.346 [opensc-pkcs11] pkcs15-sc-hsm.c:338:sc_hsm_generate_key: returning with: -1213 (Unknown data received from card) P:1388; T:8160 2025-03-12 18:08:04.350 [opensc-pkcs11] pkcs15-lib.c:1618:sc_pkcs15init_generate_key: Failed to generate key: -1213 (Unknown data received from card) P:1388; T:8160 2025-03-12 18:08:04.355 [opensc-pkcs11] pkcs15-lib.c:1681:sc_pkcs15init_generate_key: returning with: -1213 (Unknown data received from card) P:1388; T:8160 2025-03-12 18:08:04.359 [opensc-pkcs11] framework-pkcs15.c:3493:pkcs15_gen_keypair: sc_pkcs15init_generate_key returned -1213 P:1388; T:8160 2025-03-12 18:08:04.363 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card) P:1388; T:8160 2025-03-12 18:08:04.366 [opensc-pkcs11] pkcs15-lib.c:435:sc_pkcs15init_unbind: called P:1388; T:8160 2025-03-12 18:08:04.369 [opensc-pkcs11] pkcs15-lib.c:436:sc_pkcs15init_unbind: Pksc15init Unbind: 0:0000000000552540:1 P:1388; T:8160 2025-03-12 18:08:04.373 [opensc-pkcs11] card.c:523:sc_unlock: called P:1388; T:8160 2025-03-12 18:08:04.375 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called P:1388; T:8160 2025-03-12 18:08:04.378 [opensc-pkcs11] pkcs11-global.c:415:C_Finalize: C_Finalize() P:1388; T:8160 2025-03-12 18:08:04.381 [opensc-pkcs11] ctx.c:1042:sc_cancel: called P:1388; T:8160 2025-03-12 18:08:04.383 [opensc-pkcs11] reader-pcsc.c:784:pcsc_cancel: called P:1388; T:8160 2025-03-12 18:08:04.385 [opensc-pkcs11] slot.c:191:card_removed: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0: card removed P:1388; T:8160 2025-03-12 18:08:04.389 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x0) P:1388; T:8160 2025-03-12 18:08:04.393 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 1 P:1388; T:8160 2025-03-12 18:08:04.396 [opensc-pkcs11] pkcs11-session.c:109:sc_pkcs11_close_session: real C_CloseSession(0x4dad70) P:1388; T:8160 2025-03-12 18:08:04.399 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called P:1388; T:8160 2025-03-12 18:08:04.402 [opensc-pkcs11] framework-pkcs15.c:2000:pkcs15_logout: Clearing PIN state without calling sc_logout() P:1388; T:8160 2025-03-12 18:08:04.406 [opensc-pkcs11] framework-pkcs15.c:1778:pkcs15_release_token: pkcs15_release_token() not implemented P:1388; T:8160 2025-03-12 18:08:04.409 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x1) P:1388; T:8160 2025-03-12 18:08:04.413 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0 P:1388; T:8160 2025-03-12 18:08:04.417 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x2) P:1388; T:8160 2025-03-12 18:08:04.420 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0 P:1388; T:8160 2025-03-12 18:08:04.423 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x3) P:1388; T:8160 2025-03-12 18:08:04.426 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0 P:1388; T:8160 2025-03-12 18:08:04.430 [opensc-pkcs11] pkcs15.c:1387:sc_pkcs15_unbind: called P:1388; T:8160 2025-03-12 18:08:04.432 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called P:1388; T:8160 2025-03-12 18:08:04.435 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: 0 (Success) P:1388; T:8160 2025-03-12 18:08:04.438 [opensc-pkcs11] card.c:414:sc_disconnect_card: called P:1388; T:8160 2025-03-12 18:08:04.441 [opensc-pkcs11] reader-pcsc.c:677:pcsc_disconnect: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0:SCardDisconnect returned: 0x00000000 P:1388; T:8160 2025-03-12 18:08:04.445 [opensc-pkcs11] card.c:434:sc_disconnect_card: returning with: 0 (Success) P:1388; T:8160 2025-03-12 18:08:04.448 [opensc-pkcs11] ctx.c:1066:sc_release_context: called P:1388; T:8160 2025-03-12 18:08:04.451 [opensc-pkcs11] reader-pcsc.c:971:pcsc_finish: called error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` Same each (example above for 1024 bit): - `pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:1024 --id 3 --label test` - `pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:2048 --id 3 --label test` - `pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:3072 --id 3 --label test` - `pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:4096 --id 3 --label test` However, it completes in the background after a while. But usually, the device needs to be plugged again after that to work correctly.

daniel-starke commented 2025-03-13 04:13:34 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Just for reference:
If I do all the steps here with the 4096 bit RSA key it fails at:
pkcs11-tool --id 31 --sign --pin 0815 --mechanism SHA1-RSA-PKCS -i data -o data.sig
with the following error:

P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] framework-pkcs15.c:4297:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x6.
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] reader-pcsc.c:692:pcsc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 240. Now computing signature for 20 bytes. 512 bytes reserved.
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x240, card capabilities 0x80E0E211
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x240, secure algorithm flags 0x1
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000240 alg_info->flags:0x80e0e211 pad:0x00000240 sec:0x00000001
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x200, pad algorithm 0x40
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:108:sc_set_security_env: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:62:sc_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000100000
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: 
Outgoing APDU (521 bytes):
80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 ....0!0...+.....
00 04 14 CC CE FE AB DC E3 EC 74 1D 23 39 B4 88 ..........t.#9..
04 4A 43 B6 39 A3 D6 02 00                      .JC.9....

P:4060; T:2008 2025-03-12 21:09:55.870 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213.
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] pkcs11-object.c:745:C_Sign: C_Sign() = CKR_GENERAL_ERROR
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:378:sc_pkcs11_sign_init: called
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:383:sc_pkcs11_sign_init: mechanism 0x6, key-type 0x0
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] misc.c:268:session_start_operation: called
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] misc.c:269:session_start_operation: Session 0x4cae30, type 1
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] mechanism.c:505:sc_pkcs11_signature_init: called
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4751:pkcs15_prkey_can_do: called
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4752:pkcs15_prkey_can_do: check hardware capabilities: CK_MECHANISM_TYPE=0x6 (CKM) and CKF_xxx=0x800
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4760:pkcs15_prkey_can_do: returning with: 84
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] mechanism.c:559:sc_pkcs11_signature_init: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] mechanism.c:412:sc_pkcs11_sign_init: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:697:C_SignInit: C_SignInit() = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:270:C_GetAttributeValue: Object 30960544: CKA_CLASS = CKO_PRIVATE_KEY
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:294:C_GetAttributeValue: C_GetAttributeValue(hSession=0x4cae30, hObject=0x1d86ba0) = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] pkcs11-object.c:270:C_GetAttributeValue: Object 30960544: CKA_ALWAYS_AUTHENTICATE = FALSE
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] pkcs11-object.c:294:C_GetAttributeValue: C_GetAttributeValue(hSession=0x4cae30, hObject=0x1d86ba0) = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] mechanism.c:422:sc_pkcs11_sign_update: called
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] misc.c:290:session_get_operation: called
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:569:sc_pkcs11_signature_update: called
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:570:sc_pkcs11_signature_update: data part length 43
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:574:sc_pkcs11_signature_update: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:438:sc_pkcs11_sign_update: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] pkcs11-object.c:767:C_SignUpdate: C_SignUpdate() = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] misc.c:290:session_get_operation: called
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:654:sc_pkcs11_signature_size: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:490:sc_pkcs11_sign_size: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:448:sc_pkcs11_sign_final: called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] misc.c:290:session_get_operation: called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:589:sc_pkcs11_signature_final: called
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] framework-pkcs15.c:4297:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x6.
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] reader-pcsc.c:692:pcsc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 240. Now computing signature for 20 bytes. 512 bytes reserved.
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x240, card capabilities 0x80E0E211
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x240, secure algorithm flags 0x1
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000240 alg_info->flags:0x80e0e211 pad:0x00000240 sec:0x00000001
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x200, pad algorithm 0x40
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:108:sc_set_security_env: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:62:sc_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000100000
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:4060; T:2008 2025-03-12 21:09:59.069 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: 
Outgoing APDU (521 bytes):
80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 ....0!0...+.....
00 04 14 CC CE FE AB DC E3 EC 74 1D 23 39 B4 88 ..........t.#9..
04 4A 43 B6 39 A3 D6 02 00                      .JC.9....

P:4060; T:2008 2025-03-12 21:09:59.072 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:4060; T:2008 2025-03-12 21:10:02.256 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:4060; T:2008 2025-03-12 21:10:02.256 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.258 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.258 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.259 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.259 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.261 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213.
P:4060; T:2008 2025-03-12 21:10:02.261 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5
P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5
P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] pkcs11-object.c:809:C_SignFinal: C_SignFinal() = CKR_GENERAL_ERROR
P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] pkcs11-global.c:415:C_Finalize: C_Finalize()
P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] ctx.c:1042:sc_cancel: called
P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] reader-pcsc.c:784:pcsc_cancel: called
P:4060; T:2008 2025-03-12 21:10:02.264 [opensc-pkcs11] slot.c:191:card_removed: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0: card removed
P:4060; T:2008 2025-03-12 21:10:02.264 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x0)
P:4060; T:2008 2025-03-12 21:10:02.265 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 1
P:4060; T:2008 2025-03-12 21:10:02.265 [opensc-pkcs11] pkcs11-session.c:109:sc_pkcs11_close_session: real C_CloseSession(0x4cae30)
P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] framework-pkcs15.c:2000:pkcs15_logout: Clearing PIN state without calling sc_logout()
P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] framework-pkcs15.c:1778:pkcs15_release_token: pkcs15_release_token() not implemented
P:4060; T:2008 2025-03-12 21:10:02.267 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x1)
P:4060; T:2008 2025-03-12 21:10:02.267 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x2)
P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x3)
P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs15.c:1387:sc_pkcs15_unbind: called
P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:4060; T:2008 2025-03-12 21:10:02.270 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: 0 (Success)
P:4060; T:2008 2025-03-12 21:10:02.270 [opensc-pkcs11] card.c:414:sc_disconnect_card: called
P:4060; T:2008 2025-03-12 21:10:02.271 [opensc-pkcs11] reader-pcsc.c:677:pcsc_disconnect: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0:SCardDisconnect returned: 0x00000000
P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] card.c:434:sc_disconnect_card: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] reader-pcsc.c:971:pcsc_finish: called
error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.

Just for reference: If I do all the steps [here](https://github.com/polhenarejos/pico-hsm/issues/80#issuecomment-2715242135) with the 4096 bit RSA key it fails at: `pkcs11-tool --id 31 --sign --pin 0815 --mechanism SHA1-RSA-PKCS -i data -o data.sig` with the following error: ``` P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] framework-pkcs15.c:4297:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x6. P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] card.c:471:sc_lock: called P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] reader-pcsc.c:692:pcsc_lock: called P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 240. Now computing signature for 20 bytes. 512 bytes reserved. P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x240, card capabilities 0x80E0E211 P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x240, secure algorithm flags 0x1 P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000240 alg_info->flags:0x80e0e211 pad:0x00000240 sec:0x00000001 P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x200, pad algorithm 0x40 P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] card.c:471:sc_lock: called P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:108:sc_set_security_env: called P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:62:sc_compute_signature: called P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card.c:471:sc_lock: called P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:515:sc_transmit: called P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000100000 P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0' P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: Outgoing APDU (521 bytes): 80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 ....0!0...+..... 00 04 14 CC CE FE AB DC E3 EC 74 1D 23 39 B4 88 ..........t.#9.. 04 4A 43 B6 39 A3 D6 02 00 .JC.9.... P:4060; T:2008 2025-03-12 21:09:55.870 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] card.c:523:sc_unlock: called P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] card.c:523:sc_unlock: called P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] card.c:523:sc_unlock: called P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213. P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5 P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5 P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] pkcs11-object.c:745:C_Sign: C_Sign() = CKR_GENERAL_ERROR P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:378:sc_pkcs11_sign_init: called P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:383:sc_pkcs11_sign_init: mechanism 0x6, key-type 0x0 P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] misc.c:268:session_start_operation: called P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] misc.c:269:session_start_operation: Session 0x4cae30, type 1 P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] mechanism.c:505:sc_pkcs11_signature_init: called P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4751:pkcs15_prkey_can_do: called P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4752:pkcs15_prkey_can_do: check hardware capabilities: CK_MECHANISM_TYPE=0x6 (CKM) and CKF_xxx=0x800 P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4760:pkcs15_prkey_can_do: returning with: 84 P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] mechanism.c:559:sc_pkcs11_signature_init: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] mechanism.c:412:sc_pkcs11_sign_init: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:697:C_SignInit: C_SignInit() = CKR_OK P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:270:C_GetAttributeValue: Object 30960544: CKA_CLASS = CKO_PRIVATE_KEY P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:294:C_GetAttributeValue: C_GetAttributeValue(hSession=0x4cae30, hObject=0x1d86ba0) = CKR_OK P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] pkcs11-object.c:270:C_GetAttributeValue: Object 30960544: CKA_ALWAYS_AUTHENTICATE = FALSE P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] pkcs11-object.c:294:C_GetAttributeValue: C_GetAttributeValue(hSession=0x4cae30, hObject=0x1d86ba0) = CKR_OK P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] mechanism.c:422:sc_pkcs11_sign_update: called P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] misc.c:290:session_get_operation: called P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:569:sc_pkcs11_signature_update: called P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:570:sc_pkcs11_signature_update: data part length 43 P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:574:sc_pkcs11_signature_update: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:438:sc_pkcs11_sign_update: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] pkcs11-object.c:767:C_SignUpdate: C_SignUpdate() = CKR_OK P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] misc.c:290:session_get_operation: called P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:654:sc_pkcs11_signature_size: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:490:sc_pkcs11_sign_size: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:448:sc_pkcs11_sign_final: called P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] misc.c:290:session_get_operation: called P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:589:sc_pkcs11_signature_final: called P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] framework-pkcs15.c:4297:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x6. P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] card.c:471:sc_lock: called P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] reader-pcsc.c:692:pcsc_lock: called P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 240. Now computing signature for 20 bytes. 512 bytes reserved. P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x240, card capabilities 0x80E0E211 P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x240, secure algorithm flags 0x1 P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000240 alg_info->flags:0x80e0e211 pad:0x00000240 sec:0x00000001 P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x200, pad algorithm 0x40 P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] card.c:471:sc_lock: called P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:108:sc_set_security_env: called P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:62:sc_compute_signature: called P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card.c:471:sc_lock: called P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:515:sc_transmit: called P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000100000 P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0' P:4060; T:2008 2025-03-12 21:09:59.069 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: Outgoing APDU (521 bytes): 80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 ....0!0...+..... 00 04 14 CC CE FE AB DC E3 EC 74 1D 23 39 B4 88 ..........t.#9.. 04 4A 43 B6 39 A3 D6 02 00 .JC.9.... P:4060; T:2008 2025-03-12 21:09:59.072 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called P:4060; T:2008 2025-03-12 21:10:02.256 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit P:4060; T:2008 2025-03-12 21:10:02.256 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] card.c:523:sc_unlock: called P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.258 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.258 [opensc-pkcs11] card.c:523:sc_unlock: called P:4060; T:2008 2025-03-12 21:10:02.259 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.259 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] card.c:523:sc_unlock: called P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called P:4060; T:2008 2025-03-12 21:10:02.261 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213. P:4060; T:2008 2025-03-12 21:10:02.261 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card) P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5 P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5 P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] pkcs11-object.c:809:C_SignFinal: C_SignFinal() = CKR_GENERAL_ERROR P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] pkcs11-global.c:415:C_Finalize: C_Finalize() P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] ctx.c:1042:sc_cancel: called P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] reader-pcsc.c:784:pcsc_cancel: called P:4060; T:2008 2025-03-12 21:10:02.264 [opensc-pkcs11] slot.c:191:card_removed: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0: card removed P:4060; T:2008 2025-03-12 21:10:02.264 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x0) P:4060; T:2008 2025-03-12 21:10:02.265 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 1 P:4060; T:2008 2025-03-12 21:10:02.265 [opensc-pkcs11] pkcs11-session.c:109:sc_pkcs11_close_session: real C_CloseSession(0x4cae30) P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] framework-pkcs15.c:2000:pkcs15_logout: Clearing PIN state without calling sc_logout() P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] framework-pkcs15.c:1778:pkcs15_release_token: pkcs15_release_token() not implemented P:4060; T:2008 2025-03-12 21:10:02.267 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x1) P:4060; T:2008 2025-03-12 21:10:02.267 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0 P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x2) P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0 P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x3) P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0 P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs15.c:1387:sc_pkcs15_unbind: called P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called P:4060; T:2008 2025-03-12 21:10:02.270 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: 0 (Success) P:4060; T:2008 2025-03-12 21:10:02.270 [opensc-pkcs11] card.c:414:sc_disconnect_card: called P:4060; T:2008 2025-03-12 21:10:02.271 [opensc-pkcs11] reader-pcsc.c:677:pcsc_disconnect: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0:SCardDisconnect returned: 0x00000000 P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] card.c:434:sc_disconnect_card: returning with: 0 (Success) P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] ctx.c:1066:sc_release_context: called P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] reader-pcsc.c:971:pcsc_finish: called error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ```

daniel-starke commented 2025-04-23 02:15:54 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Previous test have been done with Windows 7 x64.
Running the same with Windows 11 24H2 x64 gives no errors.
In particular the following issues do not occur:

• inconsistant handling of the object ID (sometimes ASCII, sometimes hex)
• missing label in HSM data
• preliminary error on long standing operations
  Both tests have been done with the same OpenSC build.
  I am not sure whether this is an OpenSC or a PicoHSM issue...

Previous test have been done with Windows 7 x64. Running the same with Windows 11 24H2 x64 gives no errors. In particular the following issues do not occur: - inconsistant handling of the object ID (sometimes ASCII, sometimes hex) - missing label in HSM data - preliminary error on long standing operations Both tests have been done with the same OpenSC build. I am not sure whether this is an OpenSC or a PicoHSM issue...

polhenarejos commented 2025-04-23 03:12:54 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Really strange. Also in macOS and Linux works fine too. I don’t know what changed between windows builds.

Really strange. Also in macOS and Linux works fine too. I don’t know what changed between windows builds.

daniel-starke commented 2025-04-23 05:50:28 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

P.S.: RSA 4096 creation took around 300s on that device.

P.S.: RSA 4096 creation took around 300s on that device.

daniel-starke commented 2025-05-13 00:43:34 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

I suggest closing this issue with a remark in the readme for the minimal supported/tested Windows version.
Or do you plan to fix it?

I suggest closing this issue with a remark in the readme for the minimal supported/tested Windows version. Or do you plan to fix it?

polhenarejos commented 2025-05-13 02:07:43 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

To me it’s strange that in windows doesn’t work 4k, specially since 1k or 2k work well and all them work in macos/linux too. There’s nothing special different between 2k and 4k.

To me it’s strange that in windows doesn’t work 4k, specially since 1k or 2k work well and all them work in macos/linux too. There’s nothing special different between 2k and 4k.

daniel-starke commented 2025-05-13 02:32:00 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

As mentioned before, Windows 7 seems to handle a couple of things differently.
Neither did the timeout function work properly nor the labeling.
Nevertheless, the question remains whether this project wants to support Windows 7 or not.

As mentioned before, Windows 7 seems to handle a couple of things differently. Neither did the timeout function work properly nor the labeling. Nevertheless, the question remains whether this project wants to support Windows 7 or not.

polhenarejos commented 2025-05-24 02:19:08 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Perhaps related with #95 ?

Perhaps related with #95 ?

daniel-starke commented 2025-05-24 03:17:57 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Hard to say. Sounds a bit different.

Hard to say. Sounds a bit different.

polhenarejos commented 2025-05-24 03:29:10 +08:00 (Migrated from https://github.com/polhenarejos/pico-hsm)

Copy Link

Not the problem but the cause, an underlaying issue with returned content.

Not the problem but the cause, an underlaying issue with returned content.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

development

nightly-development

nightly-master

v6.4

v6.2

v6.0-eddsa1

v6.0

v5.6

v5.4-eddsa1

v5.4

v5.2

v5.0-eddsa1

v5.0

v4.2-eddsa1

v4.2

v4.0-eddsa1

v4.0

v3.6-eddsa1

v3.6

v3.4

v3.2

v3.0

v2.6

v2.4

v2.2

v2.0

v1.12

v1.10

v1.8

v1.6

v1.4

v1.2

v1.0

Labels

Clear labels

bug

Something isn't working

bug

Something isn't working

dependencies

Pull requests that update a dependency file

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

duplicate

This issue or pull request already exists

enhancement

New feature or request

enhancement

New feature or request

good first issue

Good for newcomers

good first issue

Good for newcomers

help wanted

Extra attention is needed

help wanted

Extra attention is needed

invalid

This doesn't seem right

invalid

This doesn't seem right

question

Further information is requested

question

Further information is requested

wontfix

This will not be worked on

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

dearsky

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dearsky/pico-hsm#80