Hello Gert, or anyone else affected, Accepted opensc into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/opensc/0.13.0-3ubuntu4.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Description changed: + [Impact] + OpenSC 0.13.0 does not list RSA public keys which are of 2048 bits in size on a SmartCard-HSM smart card. Although the keys are listed after on-card key generation, only the private key is listed later. This issue does not appear for keys of 1024 bits in size on the same card. + [Test Case] Steps to reproduce: 1. Generate the RSA key of 2048 bits in size in case none of this type is present: $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l --keypairgen --key-type rsa:2048 --id 10 Using slot 1 with a present token (0x1) Logging in to "SmartCard-HSM (UserPIN)". - Please enter User PIN: + Please enter User PIN: Key pair generated: - Private Key Object; RSA - label: Private Key - ID: 10 - Usage: decrypt, sign, unwrap + Private Key Object; RSA + label: Private Key + ID: 10 + Usage: decrypt, sign, unwrap Public Key Object; RSA 2048 bits - label: Private Key - ID: 10 - Usage: encrypt, verify, wrap + label: Private Key + ID: 10 + Usage: encrypt, verify, wrap 2. The public key cannot be listed/obained: 2a. using pkcs11-tool, reading the public key fails. $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey Using slot 1 with a present token (0x1) error: object not found 2b. listing the objects using pcks15-tool will only list the private key object. $ pkcs15-tool -D Using reader with a card: Alcor Micro AU9540 00 00 PKCS#15 Card [SmartCard-HSM]: [...] PIN [UserPIN] [...] PIN [SOPIN] [...] Private RSA Key [Private Key] [...] - ID : 10 + ID : 10 [...] Fix is committed upstream in https://github.com/OpenSC/OpenSC/commit/99af6cd8ee78776f50bc016fc230541072c60afb Applying fix mentioned above on top of opensc (0.13.0-3ubuntu4) fixes the issue for me, without regenerating keys. $ pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --id 10 --read-object --type pubkey | hexdump Using slot 1 with a present token (0x1) 0000000 8230 0a01 8202 0101 9000 5007 f88a 3370 0000010 a1c3 65e0 8d90 0b3b 0f40 d776 2d84 80be [...] + + [Regression Potential] + This fix is already in Utopic. It is an upstream cherry-pick ** Changed in: opensc (Ubuntu Trusty) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1311921 Title: SmartCard-HSM card does not list RSA 2048 public keys To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1311921/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
