I've got a sample from eToken SDK that generates RSA keys, creates digital signature and verifies it. The algorithm in the sample is the following:
- generate RSA keys (GENERATE_KEY_PAIR);
- create security environment for signature (PUT_DATA_SECI);
- restore security environment (MSE RESTORE);
- sign data (PSO_CDS);
- create security environment for verification (PUT_DATA_SECI);
- restore security environment (MSE RESTORE);
- verify signature (PDO_VDS).
I have imported external key containers with certificates to token and I need to get rid of RSA key generation item in algorithm. How may I find Object ID of my private key to pass it to PUT_DATA_SECI APDU command?
The private RSA stored on the token is RSA_PURE (0x0c). It can't be used for PSO_CDS operation. They have to properly pad the hash value (rfc-2313: block type 1 + hash OID) and to use PSO_DEC to get signature. The result will be the same binary data as for PSO_CDS.