Giter Club home page Giter Club logo

Comments (3)

Jakuje avatar Jakuje commented on June 19, 2024

I would say that the pkcs11-tool is not designed for security and robust scripting. You can see in the code, the pkcs11 tool implements different operations and they are executed in the code-defined order, but do not return any return value:

https://github.com/OpenSC/OpenSC/blob/master/src/tools/pkcs11-tool.c#L1429

Supporting different return values for different operations would complicate stuff.

The other thing is that for the signature verification, one does not need the pkcs11 tool at all. The verification usually happens on some other place where the signing smart card/token is not available. It can be done without the smart card/token, just with the public key, that can be obtained from the pkcs11-tool with --read-object and for example openssl CLI that has more consistent exit codes.

from opensc.

popovec avatar popovec commented on June 19, 2024

Just for interest .. I use the following construct in my test scripts:

pkcs11-tool --verify -m ECDSA-SHA1 --id 61 --input-file file.txt --signature-file file.sig|grep -q "^Signature is valid$"
echo $?

from opensc.

msalvinik avatar msalvinik commented on June 19, 2024

@Jakuje thanks for your comments: I imagined that those were the reasons. I just wanted to be sure that I undertsood correctly.
@popovec thanks for your suggestion: yes, I have something similar in my script.

I close the issue, hoping that could help someone will search for the same topic.

from opensc.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.