2

I am trying to decrypt RSA encrypted text using OpenSC's pkcs11-tool. I am using a Siemens CardOS5.0 card. I run the following line in terminal:

pkcs11-tool --module cardos11.dll --pin 12345 --login --decrypt --id 99

and it gives me the following error:

error: PKCS11 function C_Decrypt failed: rv = CKR_DEVICE_ERROR (0x30)

It gives me this error regardless of which key I use.

I then wrote a python script that uses the PyKCS11 module and decrypts as well.

result1 = ckbytelist()
v = session.lib.C_DecryptInit(session.session, m, k1)
v = session.lib.C_Decrypt(session.session, result, result1) 
print(result1)

where result is encrypted text.It returns null as well.

Is the problem in my approach or in the device?

KSS
  • 147
  • 1
  • 8
  • I'm not a master of in this domain, but I suspect that pkcs11 is not a tool that's meant to work with RSA. Maybe I'm wrong... Can you show us a link that explains how to use it to decrypt RSA ? – Nir Alfasi Dec 22 '16 at 01:29
  • 1
    @alfasin pkcs11-tool can (and usually works) with RSA keys stored on the HSM, so the idea is good, though it is not possible to answer this question without any more information. What OpenSC version are you using? Can you list the keys on the HSM using `pkcs11-tool --module cardos11.dll --pin 12345 --login --list-objects`? – Jakuje Dec 22 '16 at 07:19
  • CardOS 5.0 [may not be supported](https://github.com/OpenSC/OpenSC/issues/744). Did you check if it is? I've come to understand that it is pretty different from CardOS 4.X. – Maarten Bodewes Jan 04 '17 at 21:02
  • 1
    I think you should make sure that the module supports the operation. But this is decryyption, so it surely does. Now, make sure the mechanism used is supported, also look at the required key length. Some modules would support decryption using a mechanism only for specific key sizes (don't ask me why) – PhoenixBlue Apr 26 '19 at 10:48

0 Answers0