Comments (3)
I would say that the pkcs11-tool is not designed for security and robust scripting. You can see in the code, the pkcs11 tool implements different operations and they are executed in the code-defined order, but do not return any return value:
https://github.com/OpenSC/OpenSC/blob/master/src/tools/pkcs11-tool.c#L1429
Supporting different return values for different operations would complicate stuff.
The other thing is that for the signature verification, one does not need the pkcs11 tool at all. The verification usually happens on some other place where the signing smart card/token is not available. It can be done without the smart card/token, just with the public key, that can be obtained from the pkcs11-tool with --read-object
and for example openssl CLI that has more consistent exit codes.
from opensc.
Just for interest .. I use the following construct in my test scripts:
pkcs11-tool --verify -m ECDSA-SHA1 --id 61 --input-file file.txt --signature-file file.sig|grep -q "^Signature is valid$"
echo $?
from opensc.
@Jakuje thanks for your comments: I imagined that those were the reasons. I just wanted to be sure that I undertsood correctly.
@popovec thanks for your suggestion: yes, I have something similar in my script.
I close the issue, hoping that could help someone will search for the same topic.
from opensc.
Related Issues (20)
- Importing encrypted RSA and plain RSA private keys in SmartCard-HSM HOT 6
- SmartCard-HSM Error creating HSM backup smart card HOT 2
- OpenPGP card v3.4 DestroyObject returns as ok, but does nothing HOT 1
- pkcs11-tool should provide an option to get slot information as pkcs11-uri HOT 1
- pkcs11-tool: extend for printing the PKCS#11 URI for the objects
- Support D-Trust Card 5.1 (Std. RSA CardOS6.0) with CAN HOT 20
- Compilation error HOT 3
- SmartCard-HSM DKEK share error "error generating random number failed with transmit failed" HOT 1
- Chrome / Chromium crashes HOT 3
- crash in pcsc_transmit -> sc_apdu_log -> sc_hex_dump HOT 1
- Recursion too deep in piv_card_reader_lock_obtained HOT 12
- asymmetric key encryption in pkcs11 module does not work
- Use ccache to speed up CI builds
- Windows certificate caching in GIDS HOT 2
- OpenSC + Smartcard-HSM + secp521r1 + OpenSSH = signing failed for ECDSA "secp521r1": error in libcrypto HOT 12
- Unable to generate RSA key using piv-tool HOT 6
- OpenSC Minidriver with PIVApplet + ECC keys on Win11: error on slot 9c - public key does not match private key HOT 28
- MacOS S/MIME Outlook or Mail.app no certificates on Yubikey smartcard detected HOT 17
- OpenSC build for macOS M1 Pro HOT 10
- OpenSC 0.25.1 + SmartCard-HSM 3.6 + brainpoolP256t1 = `point is not on curve` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensc.