Smart Card eToken PRO CardOS/M4 Digital Signature APDU


I've got a sample from the eToken SDK that generates RSA keys, creates a digital signature and verifies it. The algorithm in the sample is the following:

  • generate RSA keys (GENERATE_KEY_PAIR);
  • create security environment for signature (PUT_DATA_SECI);
  • restore security environment (MSE RESTORE);
  • sign data (PSO_CDS);
  • create security environment for verification (PUT_DATA_SECI);
  • restore security environment (MSE RESTORE);
  • verify signature (PDO_VDS).

I have imported external key containers with certificates to the token and I need to get rid of the RSA key generation item in the algorithm. How may I find the Object ID of my private key to pass it to the PUT_DATA_SECI APDU command?

user2609706 On

The private RSA key stored on the token is RSA_PURE (0x0c). It can't be used for the PSO_CDS operation. They have to properly pad the hash value (RFC 2313: block type 1 + hash OID) and use PSO_DEC to get the signature. The result will be the same binary data as for PSO_CDS.
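The padding step the answer describes, as an added example that is not part of the original answer or the eToken SDK: it builds the RFC 2313 block type 1 (00 01 FF..FF 00 DigestInfo) that would be handed to the card, and checks that a raw private-key operation on it verifies as an ordinary signature. The function names, the constructed demo key and the software stand-in for the token's raw RSA operation are assumptions; APDU encoding is not shown.

```python
import hashlib

# DER DigestInfo prefixes (AlgorithmIdentifier with the hash OID) from PKCS #1
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def pad_type1(message: bytes, hash_name: str, k: int) -> bytes:
    """Return the k-byte block 00 01 FF..FF 00 DigestInfo (block type 1)."""
    digest = hashlib.new(hash_name, message).digest()
    t = DIGESTINFO_PREFIX[hash_name] + digest
    if k < len(t) + 11:  # the padding string must be at least 8 bytes of FF
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def unpad_type1(block: bytes) -> bytes:
    """Strictly parse a block type 1 and return the DigestInfo it carries."""
    if block[:2] != b"\x00\x01":
        raise ValueError("not block type 1")
    sep = block.find(b"\x00", 2)
    if sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding string")
    return block[sep + 1:]

# Constructed demo key built from two Mersenne primes: insecure, round trip only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # Python 3.8+
K = (N.bit_length() + 7) // 8      # modulus length in bytes

def raw_private_op(block: bytes) -> bytes:
    """Software stand-in (assumption) for the token's raw RSA operation."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def verify(message: bytes, signature: bytes, hash_name: str) -> bool:
    """Standard PKCS #1 v1.5 check: public operation, unpad, compare DigestInfo."""
    block = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    digest = hashlib.new(hash_name, message).digest()
    return unpad_type1(block) == DIGESTINFO_PREFIX[hash_name] + digest
```

The block passed to the card must be exactly as long as the modulus of the imported key, so `k` comes from that key rather than from the hash.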