Description of problem: Using 2048 bit smart-cards with the SetCOS driver on latest Fedora 24 release with OpenSC v0.15.0-5 will fail. After enabling debug logging the error message "Card does not support RSA with key length 2048" is display. This was raised against the upstream project as below: https://github.com/OpenSC/OpenSC/issues/726 The fix which just is about to add one line code is applied into v0.16 upstream. If the upstream version not will be a part of Fedora 24 perhaps you can add a patch for it? This kind of smart-cards is used within the Swedish government and all Swedish healthcare and this issue blocks us from using several services from Fedora. Version-Release number of selected component (if applicable): 0.15.0-5 How reproducible: You need to a valid smart card and connect to a service to use it. There are good descriptions in the upstream bug report which should cover this. https://github.com/OpenSC/OpenSC/issues/726 Actual results: 0x7f539ffa6700 21:35:45.932 [opensc-pkcs11] framework-pkcs15.c:3519:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x1. 0x7f539ffa6700 21:35:45.932 [opensc-pkcs11] card.c:353:sc_lock: called 0x7f539ffa6700 21:35:45.932 [opensc-pkcs11] reader-pcsc.c:526:pcsc_lock: called 0x7f539ffa6700 21:35:45.932 [opensc-pkcs11] framework-pkcs15.c:3580:pkcs15_prkey_sign: Selected flags 12. Now computing signature for 36 bytes. 256 bytes reserved. 0x7f539ffa6700 21:35:45.932 [opensc-pkcs11] pkcs15-sec.c:312:sc_pkcs15_compute_signature: called 0x7f539ffa6700 21:35:45.932 [opensc-pkcs11] pkcs15-sec.c:313:sc_pkcs15_compute_signature: security operation flags 0x12 0x7f539ffa6700 21:35:45.932 [opensc-pkcs11] pkcs15-sec.c:337:sc_pkcs15_compute_signature: Card does not support RSA with key length 2048 Expected results: No errors at all :-) Additional info: From the upstream project a very simple fix is published as below: https://github.com/OpenSC/OpenSC/commit/74493ca73f8e3c21c098fecb42a7a08ead85e197 For my own I created a simple patch and rebuild the OpenSC RPM for my Fedora 24 which now works perfectly. The patch would be simple to add into the Fedora 24 OpenSC package: +++ a/src/libopensc/card-setcos.c @@ -215,6 +215,7 @@ _sc_card_add_rsa_alg(card, 512, flags, 0); _sc_card_add_rsa_alg(card, 768, flags, 0); _sc_card_add_rsa_alg(card, 1024, flags, 0); + _sc_card_add_rsa_alg(card, 2048, flags, 0); } break; } /Tomas
opensc-0.15.0-6.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-efb513eaf3
opensc-0.15.0-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-efb513eaf3
opensc-0.15.0-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Thanks for the fix, I have now verified it and it's working as expected. /Tomas