Storing RSA key on EnterSafe smart card fails

Bug #622319 reported by Firas Kraïem
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
opensc (Debian) | Fix Released | Unknown | |
opensc (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | Undecided | Unassigned |

Bug Description

Binary package hint: opensc

Lucid, OpenSC 0.11.12:

firas@tsukino ~ % dpkg -l | grep opensc
ii libopensc2 0.11.12-1ubuntu3 Smart card library with support for PKCS#15
ii opensc 0.11.12-1ubuntu3 Smart card utilities with support for PKCS#1
firas@tsukino ~ % lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.1 LTS
Release: 10.04
Codename: lucid

How to reproduce:

Initialise the smart card:

firas@tsukino ~ % pkcs15-init -E -C --label "My Smart Card"
Using reader with a card: Feitian SCR301 00 00
New User PIN.
Please enter User PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:

Generate RSA key:

firas@tsukino ~ % openssl genrsa -des3 -out mykey.key 1024
Generating RSA private key, 1024 bit long modulus
..............++++++
.......++++++
e is 65537 (0x10001)
Enter pass phrase for mykey.key:
Verifying - Enter pass phrase for mykey.key:

Try to store the key on the card:

firas@tsukino ~ % pkcs15-init -S mykey.key --auth-id ff --label "My Private Key"
Using reader with a card: Feitian SCR301 00 00
Please enter passphrase to unlock secret key:
User PIN required.
Please enter User PIN:
pkcs15-init: card-entersafe.c:1047: entersafe_encode_bignum: Assertion `0' failed.
zsh: abort pkcs15-init -S mykey.key --auth-id ff --label "My Private Key"

A fix exists (patch already committed in upstream SVN):

http://www.opensc-project.org/pipermail/opensc-devel/2010-January/013067.html
http://<email address hidden>/msg05224.html

Debdiff to follow applying both patches:

-> First patch fixes storing a key
-> Second patch fixes an unrelated bug that causes a segfault when trying to store a 2048-bit key (1024-bit key works fine with the first patch alone)

Fix is SRU-worthy IMO.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: opensc 0.11.12-1ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-24.41-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic x86_64
NonfreeKernelModules: wl nvidia
Architecture: amd64
Date: Sun Aug 22 17:55:01 2010
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
ProcEnviron:
 LANGUAGE=en
 LANG=en_GB.utf8
 SHELL=/bin/zsh
SourcePackage: opensc

Firas Kraïem (firas) wrote :

BTW, the bug also affects Maverick. I'll try to get it pushed into Debian first.

Stefano Rivera (stefanor) wrote :

Unsubscribing sponsors. We can't get the SRU through until it's fixed in maverick.

Firas Kraïem (firas) wrote :

Debdiff for Maverick since we already diverted from Debian.

Firas Kraïem (firas) wrote :

New debdiff with patch header.

Firas Kraïem (firas) wrote :

New debdiff, second patch was mistakenly left out. Sorry for the noise.

Changed in opensc (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opensc - 0.11.13-1ubuntu2

---------------
opensc (0.11.13-1ubuntu2) maverick; urgency=low

  * debian/patches/fix-storing-key-on-entersafe: Fix storing a RSA key on
    EnterSafe cards. (LP: #622319)
 -- Firas Kraiem <email address hidden> Mon, 23 Aug 2010 14:43:10 +0200

Changed in opensc (Ubuntu):
status: Fix Committed → Fix Released
Stefano Rivera (stefanor) wrote :

Firas: I added a DEP3 Bug-Ubuntu to the maverick debdiff and uploaded. For lucid, can you prepare a new debdiff with the DEP3 headers (Including Bug-Ubuntu), and set the distribution in the changelog to lucid-proposed and the version number to ubuntu3.1 not ubuntu4. Then subscribe ubuntu-sru.

https://wiki.ubuntu.com/StableReleaseUpdates#Procedure

Firas Kraïem (firas) wrote :

Debdiff for lucid-proposed.

Stefano Rivera (stefanor) wrote :

Uploaded to lucid-proposed

Changed in opensc (Ubuntu Lucid):
status: New → Fix Committed
Martin Pitt (pitti) wrote : Please test proposed package

Accepted opensc into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Firas Kraïem (firas) wrote :

Bug fixed in opensc 0.11.12-1ubuntu3.1

firas@aoba ~ % dpkg -l | grep opensc
ii libopensc2 0.11.12-1ubuntu3.1 Smart card library with support for PKCS#15
ii opensc 0.11.12-1ubuntu3.1 Smart card utilities with support for PKCS#1
firas@aoba ~ % pkcs15-init -E -C
Using reader with a card: Feitian SCR301 00 00
New User PIN.
Please enter User PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
firas@aoba ~ % openssl genrsa -des3 -out mykey.key 1024
Generating RSA private key, 1024 bit long modulus
......++++++
..++++++
e is 65537 (0x10001)
Enter pass phrase for mykey.key:
Verifying - Enter pass phrase for mykey.key:
firas@aoba ~ % pkcs15-init -S mykey.key --auth-id ff
Using reader with a card: Feitian SCR301 00 00
Please enter passphrase to unlock secret key:
User PIN required.
Please enter User PIN:
User PIN required.
Please enter User PIN:
User PIN required.
Please enter User PIN:
User PIN required.
Please enter User PIN:
firas@aoba ~ % openssl genrsa -des3 -out mykey.key 2048
Generating RSA private key, 2048 bit long modulus
.........................................+++
.........+++
e is 65537 (0x10001)
Enter pass phrase for mykey.key:
Verifying - Enter pass phrase for mykey.key:
firas@aoba ~ % pkcs15-init -S mykey.key --auth-id ff
Using reader with a card: Feitian SCR301 00 00
Please enter passphrase to unlock secret key:
User PIN required.
Please enter User PIN:
User PIN required.
Please enter User PIN:
User PIN required.
Please enter User PIN:
User PIN required.
Please enter User PIN:

No regressions found. Tested: generating an RSA key directly on the card, extracting the public key, generating an X.509 certificate for a key, and storing the certificate on the card, all for 1024-bit and 2048-bit keys.

Martin Pitt (pitti) wrote :

Thanks for the extensive testing!

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opensc - 0.11.12-1ubuntu3.1

---------------
opensc (0.11.12-1ubuntu3.1) lucid-proposed; urgency=low

  * debian/patches/fix-storing-key-on-entersafe: Fix storing a RSA key on
    EnterSafe cards. (LP: #622319)
 -- Firas Kraiem <email address hidden> Mon, 23 Aug 2010 17:00:23 +0200

Changed in opensc (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in opensc (Debian):
status: Unknown → New
Changed in opensc (Debian):
status: New → Confirmed
Changed in opensc (Debian):
status: Confirmed → Fix Released