Hi, I experimented a bit more and could reproduce the problem with a local YK (Yubikey 4, Firmware 4.3.7) and a known private key and certificate.
The correct signature (using OpenSSL) has:

+---
| 138 256: OCTET STRING
|        : 00 00 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C B6
+---[ data.ko.p7s.success ]

The incorrect signature from the YK has:

+---
| 138 254: OCTET STRING
|        : 82 45 75 A8 93 B1 B1 37 0A 53 69 82 BB 1C B6 E7
+---[ data.ko.p7s.fail ]

So there is also a wrong byte at the beginning. The incorrect signature is also missing one byte at the end.

The attached archive contains:

- data.ko: random data to be signed
- data.ko.p7s.fail: incorrect signature generated by YK4
- data.ko.p7s.success: correct signature generated by OpenSSL
- reproduce.sh: sign with YK4 (set the serial# in the first lines)
- reproduce2.sh: sign with OpenSSL
- sign-file: make this a symlink to Linux's sign-file
- test.key: private key
- test.pem: self-signed certificate

The test.{key,pem} need to be loaded in the Digital Signature slot (Slot 9c) of the PIV application.

I haven't checked if this is reproducible with another YK with the same data/key/cert, but it is reproducible with the same key.

Ansgar
Attachment: ykcs11-signature-failure.tar.gz (application/compressed-tar)
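A small diagnostic for the kind of mismatch reported above, added here as an example and not part of the original mail, the archive or the ykcs11 project. A PKCS#1 RSA signature must be exactly modulus-length bytes, leading 0x00 bytes included; the function below tells apart a signature that merely lost its leading zeros (recoverable by left-padding) from one that also has wrong or missing bytes, as in the YK4 output. The byte strings and the 2048-bit modulus size are constructed assumptions; the mail does not state the key size.

```python
from typing import Optional


def first_mismatch(a: bytes, b: bytes) -> Optional[int]:
    """Index of the first differing byte, or None if a == b."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def diagnose_signature(sig: bytes, reference: bytes, modulus_len: int) -> dict:
    """Compare a token-produced RSA signature value with a known-good one.

    "kind" is one of:
      ok                      identical and of modulus length
      leading_zeros_stripped  sig == reference minus leading 0x00 bytes (an I2OSP
                              bug; "repaired" holds the zero-padded value)
      other                   wrong bytes beyond zero stripping; "first_mismatch"
                              and "tail_matches" help locate the damage
    """
    result = {"len_sig": len(sig), "len_ref": len(reference), "modulus_len": modulus_len}
    if len(reference) != modulus_len:
        result["kind"] = "bad_reference"
        return result
    if sig == reference:
        result["kind"] = "ok"
        return result
    if sig == reference.lstrip(b"\x00"):
        result["kind"] = "leading_zeros_stripped"
        result["repaired"] = sig.rjust(modulus_len, b"\x00")
        return result
    result["kind"] = "other"
    result["first_mismatch"] = first_mismatch(sig, reference)
    # A dropped trailing byte shows up as a tail that no longer lines up.
    result["tail_matches"] = sig[-8:] == reference[-8:]
    return result


# Constructed sample data (assumption: 2048-bit key, so a 256-byte signature).
MODULUS_LEN = 256
REFERENCE = b"\x00\x00" + bytes(range(1, 255))   # correct value with two leading zeros
STRIPPED = REFERENCE.lstrip(b"\x00")             # 254 bytes: only the zeros are gone
MANGLED = b"\x82" + REFERENCE[2:-1]              # 254 bytes: wrong first byte, last byte lost
```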