Assumptions: Using Ubuntu with OpenSC
Installation Tip: Make sure you have installed OpenSC from source rather than from the Ubuntu repositories (in other words, follow the instructions here rather than using apt-get install opensc). This is necessary to avoid the
“failed: Invalid arguments
Decrypt failed: Invalid arguments”
error outlined in this OpenSC mailing list submission. It took a while to figure out what the problem was, so hopefully outlining the troubleshooting process will help with similar problems. First, enable verbose output (in this instance we were using pkcs15-crypt) and have a look at the output. In this case, we noted the output highlighted in red here. Searching for the error “Invalid Case 4 short APDU” leads us to this OpenSC pull request, which highlights the need to install a later version of OpenSC.
Common Cryptographic operations using Estonian E-ID.
File names used:
/tmp/toSign: the file whose signature you would like to generate.
/tmp/toSign.sig: the signature of the file
/tmp/toEncrypt: the file you would like to encrypt
/tmp/Encrypted.enc: the encrypted file
/tmp/publickey.pem: the public key assigned to you, stored on your e-ID card, which is safe to distribute (hence “public” 😉)
Extracting Public Key for distribution
pkcs15-tool --read-public-key 01 > /tmp/publickey.pem
Generating a signature of a document (signing operation)
openssl dgst -binary -sha512 /tmp/toSign | /usr/bin/pkcs15-crypt --sign --key 01 --sha-512 --pkcs1 --raw > /tmp/toSign.sig
Verifying a signature of a document (signature verification operation)
openssl dgst -sha512 -verify /tmp/publickey.pem -signature /tmp/toSign.sig /tmp/toSign
Encrypting a file using a public key (e.g. someone needs to send data ONLY YOU can decrypt)
openssl rsautl -inkey /tmp/publickey.pem -pubin -encrypt -pkcs -in /tmp/toEncrypt -out /tmp/Encrypted.enc
Decrypting a file with your private key stored on your card
pkcs15-crypt --decipher --key 01 --input /tmp/Encrypted.enc --pkcs1 --raw
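To rehearse the four operations above without a card in the reader, the following added example (not part of the original post) runs the same sign, verify, encrypt and decrypt steps against a throwaway software RSA key standing in for card key 01. The function name eid_selftest, the stand-in key and the sample file contents are assumptions; openssl pkeyutl takes the place of pkcs15-crypt and rsautl for the software key.

```shell
#!/bin/sh
# Added example: dry run of the sign/verify/encrypt/decrypt flow.
# A throwaway software RSA key stands in for card key 01 (assumption), so no
# reader is needed; on the card, pkcs15-crypt performs the private-key steps.

# eid_selftest DIR: returns 0 only if every round trip behaves as expected.
eid_selftest() {
    d=$1
    # Stand-in key pair; publickey.pem plays the role of /tmp/publickey.pem.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/standin.key" 2>/dev/null || return 1
    openssl pkey -in "$d/standin.key" -pubout -out "$d/publickey.pem" || return 1

    # Constructed sample inputs.
    printf 'constructed sample document\n' > "$d/toSign"
    printf 'constructed secret\n' > "$d/toEncrypt"

    # Sign: hash first, then sign the 64-byte digest with PKCS#1 v1.5 padding,
    # the same split as "openssl dgst | pkcs15-crypt --sign --sha-512 --pkcs1".
    openssl dgst -binary -sha512 "$d/toSign" > "$d/digest" || return 1
    openssl pkeyutl -sign -inkey "$d/standin.key" -pkeyopt digest:sha512 \
        -in "$d/digest" -out "$d/toSign.sig" || return 1

    # Verify with the same command as on the card path; must pass.
    openssl dgst -sha512 -verify "$d/publickey.pem" \
        -signature "$d/toSign.sig" "$d/toSign" >/dev/null || return 2

    # A modified file must fail verification against the old signature.
    printf 'tampered\n' >> "$d/toSign"
    if openssl dgst -sha512 -verify "$d/publickey.pem" \
        -signature "$d/toSign.sig" "$d/toSign" >/dev/null 2>&1; then
        return 3
    fi

    # Encrypt to the public key, decrypt with the private key, compare bytes.
    openssl pkeyutl -encrypt -pubin -inkey "$d/publickey.pem" \
        -in "$d/toEncrypt" -out "$d/Encrypted.enc" || return 4
    openssl pkeyutl -decrypt -inkey "$d/standin.key" \
        -in "$d/Encrypted.enc" -out "$d/decrypted" || return 4
    cmp -s "$d/toEncrypt" "$d/decrypted" || return 5
    return 0
}
# Usage: eid_selftest "$(mktemp -d)" && echo "round trips OK"
```

A non-zero return code identifies the failing stage: 2 for verification, 3 for a tampered file being accepted, 4 or 5 for the encrypt/decrypt round trip.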
PS: The following sites have been invaluable during the investigation