Description of problem: The support of CardOS 5.0 and 5.3 smartcards was broken in opensc 0.20.0, so no CardOS cards are currently working. The problem has already been fixed upstream. See additional section below. Version-Release number of selected component (if applicable): 0.20.0 How reproducible: Run a login test with a CardOS 5.0 or 5.3 card Steps to Reproduce: 1. pkcs11-tool --login --test Actual results: Using slot 0 with a present token (0x0) Logging in to "Siemens Corporate ID Card (V5)". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only for RSA) testing key 0 (Encr 01.04.20 23:13:34 - 01.04.22) all 4 signature functions seem to work testing signature mechanisms: RSA-PKCS: ERR: verification failed SHA1-RSA-PKCS: ERR: verification failed MD5-RSA-PKCS: ERR: verification failed RIPEMD160-RSA-PKCS: ERR: verification failed SHA256-RSA-PKCS: ERR: verification failed testing key 1 (Encr 10.05.17 09:32:43 - 10.05.20) with 1 mechanism RSA-PKCS: ERR: verification failed testing key 2 (Encr 09.01.13 11:25:12 - 09.01.14) with 1 mechanism RSA-PKCS: ERR: verification failed testing key 3 (Auth 01.04.20 23:16:36 - 01.01.01) with 1 mechanism RSA-PKCS: ERR: verification failed Verify (currently only for RSA) testing key 0 (Encr 01.04.20 23:13:34 - 01.04.22) RSA-PKCS: ERR: C_Verify() returned CKR_GENERAL_ERROR (0x5) testing key 1 (Encr 10.05.17 09:32:43 - 10.05.20) with 1 mechanism RSA-PKCS: ERR: C_Verify() returned CKR_GENERAL_ERROR (0x5) testing key 2 (Encr 09.01.13 11:25:12 - 09.01.14) with 1 mechanism RSA-PKCS: ERR: C_Verify() returned CKR_GENERAL_ERROR (0x5) testing key 3 (Auth 01.04.20 23:16:36 - 01.01.01) with 1 mechanism RSA-PKCS: ERR: C_Verify() returned CKR_GENERAL_ERROR (0x5) Decryption (currently only for RSA) testing key 0 (Encr 01.04.20 23:13:34 - 01.04.22) RSA-PKCS: resulting cleartext doesn't match input Original: 00 cb d0 48 47 64 bd 1f 23 1e Decrypted: 02 ad e5 7e af d9 f1 98 66 6f 85 4a 7f c3 fc 90 6e 4a e5 ea eb 56 d8 d2 c4 a2 7f 2e c8 13 66 50 d7 d4 df 39 10 88 fb 29 34 4a e8 28 7b 22 16 b6 ae c0 ae fa b7 7e 0e e3 dc c2 55 cd a3 20 44 76 9d 7a 6d 8e 38 95 2c e0 52 30 aa 4d ba 31 a8 16 aa 05 bc 4f a8 af 41 bf 06 b8 ca 72 46 94 2b 15 03 0d 43 7d 75 84 dc f0 3a 91 15 6b dd 75 6c 47 2a 88 f4 0b 70 5b b3 d2 e4 90 67 2b df 8e cb 3d 41 1c a0 4e e5 77 13 74 5b 33 03 e2 41 9b 36 bd 85 97 76 e5 43 c6 0c 09 80 1a ff b3 d8 5f 75 ed 59 6a 69 47 5b f5 69 9d 9d 3e f1 80 3b 20 c5 8a 1f 5f f8 aa cb ea 07 84 56 90 02 69 1f 15 d0 02 d9 cf 43 3b 0e 8f 46 93 8a 0f c2 5b d7 e8 b9 2d dd 54 10 df 4f 21 fe d4 07 dd db d1 3e 54 6e 89 0a 01 0a a1 e7 27 b0 eb d2 a8 e4 b4 f9 30 e6 65 ff 48 bf f0 00 00 cb d0 48 47 64 bd 1f 23 1e testing key 1 (Encr 10.05.17 09:32:43 - 10.05.20) RSA-PKCS: resulting cleartext doesn't match input Original: 00 00 10 8b 67 cf 99 50 5b 17 Decrypted: 02 24 b5 52 4d 95 62 a8 23 88 95 12 2a ce 8d a4 cb 79 9a 7e f5 4f e0 4c 1a 96 56 25 c1 4d 84 34 66 a4 7d 77 79 40 eb 44 3b ee 07 86 29 6b bc 1b 4b c8 db 87 10 e9 cd ed c3 d5 ac 3c 7c 16 f0 97 76 2a 95 44 18 c4 76 5a 31 b5 fe 4f 3d 09 c6 fd 55 36 fb fc f5 f4 7e f1 fb 25 3c fe 64 94 fc d0 53 93 e6 a8 cb 22 d5 3e 0c 37 9b 42 cf db f8 e9 10 09 f1 db 38 52 75 be 90 2d 2c f2 24 43 4c 85 b4 c7 fd 97 22 07 b9 db ba ec f4 b1 a9 b5 46 f8 04 9c ed 97 ca a1 5c 31 c9 1f 22 5d 2f 7b a8 66 cd 4f 8b d6 23 41 61 cf b2 2f 58 6c fd a9 93 47 10 da ed 2d 0b 8a e9 6f 3e fb f7 56 d4 bc 72 af 44 ed 67 30 0e 52 4b 2a ea 42 e7 c1 83 89 b2 3c bc 50 93 05 48 cd 9f d0 61 4c c3 1d 57 8d c5 46 55 55 9e 9a b0 91 f3 ad a5 57 86 ae c4 ae 09 22 7b 03 90 c1 00 00 00 10 8b 67 cf 99 50 5b 17 testing key 2 (Encr 09.01.13 11:25:12 - 09.01.14) RSA-PKCS: resulting cleartext doesn't match input Original: 00 15 99 4e 32 f4 d1 9d 5c d1 Decrypted: 02 f4 56 7d 78 e4 87 0d 34 3f e6 1a 76 32 14 18 21 e4 8c 71 a2 01 77 2c 61 ec 4c ad e1 3a 20 3a 49 2c 6f 7c 56 02 37 e2 86 82 a1 6e b1 e4 b5 47 b4 50 08 9e f5 6b 0e 2e f4 70 09 3c 2f cd ad 2f a1 68 1a bc 9b 65 32 69 47 07 23 56 39 74 28 bd 31 90 01 60 fb 7b 1c 5b cf 82 4f 8e 6e e0 74 51 f4 69 47 de a5 9c 95 52 e0 5a 57 f6 b1 5e 7e a1 b0 35 11 11 e3 b7 5b be 7e 76 54 fc c9 70 c1 28 4f 01 cb f9 e7 07 f9 29 0f 04 b4 ee 16 c6 be b8 6b 02 ee 1a da 41 fc 65 32 eb 4f df 86 3a ab 91 5b 5e 59 36 83 ab ea 6c 98 e6 aa fd 3a 96 ed 86 9e 1a 6e f6 5b 15 2a ea 5a a5 c8 05 ab d1 53 e5 c9 6c 04 10 69 97 8a a9 ea 81 7c e3 47 93 24 ee c9 69 2f 8d ec 50 8a 18 ad 2c e1 d7 84 19 c3 13 99 a7 92 f1 ef cc 3c 22 fe aa b5 0e b4 d5 a3 9f 1f d3 3b a8 00 00 15 99 4e 32 f4 d1 9d 5c d1 testing key 3 (Auth 01.04.20 23:16:36 - 01.01.01) RSA-PKCS: resulting cleartext doesn't match input Original: 00 13 91 6c e9 9f 21 bc 52 13 Decrypted: 02 3e 2d c4 4f ab 4f 79 bb 6f fe d4 3a 51 89 fe 44 82 8a f2 54 5b f0 76 14 c2 0c 03 c3 ed 54 f2 b0 cf e6 8b 86 a3 07 6b 23 bd 1e 0b 82 f8 ad 5e cc a1 8c fa 9d 2f 9b d0 68 bf e8 d0 93 1d bd 68 41 12 ad f1 e0 3a 7c dc 6c b8 fd b3 dd ae ad c7 19 a2 b3 40 6d 0b 60 0d 0a 9c e6 a3 1d e2 e1 70 1d f0 8a 28 e5 18 a2 59 f3 fe 3a d3 ad 7e 2d da eb f1 6a 9c 7a b1 fa d0 9c ac 76 dd 99 05 b3 8c ad 65 ca 89 02 1f 6e ef 44 b4 16 be 67 8c 1f 5c f4 d1 dc 24 8b 29 78 4e d4 95 e7 e6 ca 98 e8 0a 24 48 c7 9b b2 f4 ab b6 3c da ee 79 b1 05 3b 87 38 22 86 0e 1f e4 1b fc ce b8 f1 9a 3b c0 28 ca e0 62 f2 25 8f a6 5f c0 72 de a5 10 63 cd d5 1d d5 a3 1c eb dd 1d 9f e9 e4 ad 8f 04 67 89 37 15 2a 17 67 a2 2e 3d 61 75 bc 4e d6 45 a5 f0 d0 ae ea 2e 83 55 00 00 13 91 6c e9 9f 21 bc 52 13 16 errors Expected results: No errors when running the login test (command see above) Additional info: The bugfixes are already available upstream, but not yet merged. See https://github.com/OpenSC/OpenSC/pull/1987
This bug affects Fedora 31 as well but older / working packages are available there. So we workaround for Fedora 31 is available. Just downgrade the opensc package.
The mentioned pull request (https://github.com/OpenSC/OpenSC/pull/1987) has been merged. The fix is now available upstream. Any chance to get an updated opensc package?
FEDORA-2020-ded02b1dc9 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ded02b1dc9
I just submitted an update for Fedora 32. Let me know if it works for you or there are still some issues. Thanks.
I manually downloaded and installed opensc-0.20.0-6.fc32.x86_64 (it seems to take some time to make its way to the update repo). It works for me! Thank you!
FEDORA-2020-ded02b1dc9 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ded02b1dc9` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ded02b1dc9 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-ded02b1dc9 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.