So I'm pretty new to smartcards and I'm trying to compute a signature over some random bytes. The operating system on the card is CardOS v4.3. I am able to use the PKCS#15 format and the ISO 7816 standard.
My workflow to compute the signature is as follows:
1. Select the SigG application: APDU = 00 A4 01 0C 02 1F FF 00, status = 90 00
2. Verify the Sig. PIN in the current DF: APDU = 00 20 00 81 08 31 32 33 34 35 36 37 38 00, status = 90 00
3. Trying to sign 40 random bytes with PSO_CDS: APDU = 00 2A 9E 9A 08 01 02 03 04 05 06 07 08 .... 28(hex) 00, status = 6A88
The smartcard is in a freshly reset state.
Am I missing a command or a prerequisite I need to satisfy, or something else? What is the general workflow when signing a hash which was computed with, for example, OpenSSL?
I know that for PSO_CDS there must be a Current Security Environment where a valid PSO_PrivateKey must be specified, but I don't understand how to incorporate this into the command flow.
I am planning to create a C++ function which will get a hash, compute the signature with the smartcard and then return the signature.
So, I was able to compute a signature. Because PSO_CDS didn't really work for me, I did it this way:
1. Selected the SigG Application/DF.
2. Made a manage security environment set (MSE SET), where I specified the CON component (which is the PSO Private Key in the Application) of the current security environment.
3. Verified the PIN with the PIN object in the SigG Application.
4. Computed the signature with PSO_DEC. When using PSO_DEC you need to provide an extended APDU, because the command field has to contain a padded 256-byte hash value, and with normal APDUs it is only possible to have a command field of up to 255 bytes on my card.
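The last step of the answer, sketched in C++ as an added example (not code from the original post): it pads a hash to a 256-byte block and wraps it in an ISO 7816-4 extended-length APDU. Assumptions not stated on the page: the hash is SHA-256, the padding is PKCS#1 v1.5 (EMSA) for a 2048-bit key, the header is the ISO 7816-8 PSO: DECIPHER header 00 2A 80 86, and the card takes the padded block as the whole data field; the function names are hypothetical.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;

// EMSA-PKCS1-v1_5 (RFC 8017, 9.2): 00 01 FF..FF 00 || DigestInfo(SHA-256) || hash.
// Assumption: the card applies a raw RSA private-key operation to this block.
Bytes pad_sha256_pkcs1(const Bytes& hash, size_t modulus_len) {
    static const std::array<uint8_t, 19> kSha256Prefix = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
    if (hash.size() != 32) throw std::invalid_argument("expected a 32-byte SHA-256 hash");
    const size_t t_len = kSha256Prefix.size() + hash.size();
    if (modulus_len < t_len + 11) throw std::invalid_argument("modulus too short");
    Bytes em(modulus_len, 0xFF);            // padding string PS, overwritten below
    em[0] = 0x00;
    em[1] = 0x01;                           // block type 1 (signature)
    const size_t pos = modulus_len - t_len;
    em[pos - 1] = 0x00;                     // separator between PS and DigestInfo
    std::copy(kSha256Prefix.begin(), kSha256Prefix.end(), em.begin() + pos);
    std::copy(hash.begin(), hash.end(), em.begin() + pos + kSha256Prefix.size());
    return em;
}

// ISO 7816-4 extended-length case 4 APDU: header | 00 Lc_hi Lc_lo | data | Le_hi Le_lo.
Bytes build_extended_apdu(uint8_t cla, uint8_t ins, uint8_t p1, uint8_t p2,
                          const Bytes& data, uint16_t le) {
    if (data.empty() || data.size() > 0xFFFF)
        throw std::invalid_argument("data length must be 1..65535");
    Bytes apdu = {cla, ins, p1, p2, 0x00,
                  static_cast<uint8_t>(data.size() >> 8),
                  static_cast<uint8_t>(data.size() & 0xFF)};
    apdu.insert(apdu.end(), data.begin(), data.end());
    apdu.push_back(static_cast<uint8_t>(le >> 8));
    apdu.push_back(static_cast<uint8_t>(le & 0xFF));
    return apdu;
}

// Command for step 4: 256 data bytes do not fit a short APDU (Lc max 255).
// Header 00 2A 80 86 is the ISO 7816-8 value (assumption for this card).
Bytes build_pso_dec_apdu(const Bytes& sha256_hash) {
    return build_extended_apdu(0x00, 0x2A, 0x80, 0x86,
                               pad_sha256_pkcs1(sha256_hash, 256), 0x0100);
}
```

The MSE SET and PIN verification from steps 2 and 3 still have to succeed before this command is sent, and the exact data-field layout should be checked against the card's manual.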