PKCS #11 RSA signature with OpenSC and Gemalto eToken 5110

Published by Margus Pala on

I have at hand Gemalto Safenet eToken with eIDAS Qualified Electronic Seal (also known as e-Seal or Digital Stamp or Document Signing Certificate) issued by SK ID Solutions. I want to sign sha256 hash with. First I will check some general information about the keypair. We need token label(or slot=8 or slotIndex=0x11) for signature and public key ID (00000000) for verification.

$ pkcs11-tool --module /usr/lib/libIDPrimePKCS11.so -L
...
Slot 8 (0x11): SafeNet eToken 5100 [eToken 5110 SC] 01  (Digital Signature Pin)
  token label        : eID Easy (Digital Signature Pin)
  token manufacturer : Gemalto
  token model        : ID Prime MD
  token flags        : login required, rng, token initialized, PIN initialized, other flags=0x200
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 06E2CF0B29CA6BD0
  pin min/max        : 4/16

$ pkcs11-tool --module /usr/lib/libIDPrimePKCS11.so --token-label "eID Easy (Digital Signature Pin)" -O
Certificate Object; type = X.509 cert
  label:      
  subject:    DN: organizationIdentifier=NTREE-14080014/serialNumber=14080014, ST=Harjumaa, L=Tallinn, C=EE, O=EID Easy O\xC3\x9C, CN=eID Easy
  ID:         00000000
Public Key Object; RSA 2048 bits
  label:      eID Easy
  ID:         00000000
  Usage:      verify, wrap
  Access:     local

Next I will prepare digest that should be signed. I have it in hex for so I will convert it to binary into the file digest.bin

$ echo "19d512fc649e1668eb84741284ad95ec03f3225719a83e40389dbade4eabe5ed" > digest.txt
$ xxd -r -p digest.txt digest.bin

Now the most important part, creating the signature.

$ pkcs11-tool --module /usr/lib/libIDPrimePKCS11.so --pin=$PIN --token-label "eID Easy (Digital Signature Pin)" -s -i digest.bin -m RSA-PKCS > signature.bin
Using signature algorithm RSA-PKCS
$ base64 signature.bin -w0
RseZYWjkyNRcU1lI1KR+I+0C1jC+FVp2kTAhyOUsE2x6UGf+UMSf3kqD4KGBb+eIryXDFTzNsdo8XroUtWvYQvHgPLPaRQ8xfPtTOZS/crQY168S2lk4buAeDZWat/xiGeXgU4rL7hdbjojdkfbeGWHfIERcese6wv521t9x9w5K3XGz50Ec9Y/C4cPPo4xuQMSQlCrx1iIlfeGbkElxGIdIkZvt2nTrhl/ico5YCbTJfuDqZaaaJxPkXcfgAcvFVU/kILi7U3XQCvz7zohZoRj4vkeTutanW6I7qGyWvIcxXGJx29MInF3pohT0+KUzegN4A1GfkW5hfk5HyCP2Gw==

It makes sense to verify the signature to make sure all is good. We will extract the public key from the token and use it to verify the signature, then verify the signature which will basically extract the original digest and if the original digest matches the one taken from signature then we are all good.

$ pkcs11-tool --module /usr/lib/libIDPrimePKCS11.so --token-label "eID Easy (Digital Signature Pin)" --read-object --type pubkey --id=00000000 > public-key.der
$ openssl rsa -inform DER -outform PEM -in public-key.der -pubin > public-key.pem
writing RSA key
$ openssl rsautl -verify -inkey public-key.pem -in signature.bin -pubin > verified.bin
$ xxd -p -c32 verified.bin verified.txt
$ cat digest.txt verified.txt 
19d512fc649e1668eb84741284ad95ec03f3225719a83e40389dbade4eabe5ed
19d512fc649e1668eb84741284ad95ec03f3225719a83e40389dbade4eabe5ed

In this case we used signature mechanism RSA-PKCS which signs the data without hashing anything. There are more signature methods supported in this token. Most interestingly there are SHA256-RSA-PKCS and also SHA256-RSA-PKCS-PSS. If there is SHAXXX then before signing the data is hashed. If there is PSS then there is also salt added and signature will be different every time.
Here is the reference of all signature mechanisms supported

$ pkcs11-tool --module /usr/lib/libIDPrimePKCS11.so -M --slot 0x11 |grep sign
  DES3-MAC, keySize={24,24}, sign, verify
  DES3-MAC-GENERAL, keySize={24,24}, sign, verify
  AES-MAC, keySize={16,32}, sign, verify
  AES-MAC-GENERAL, keySize={16,32}, sign, verify
  RSA-PKCS, keySize={2048,2048}, hw, encrypt, decrypt, sign, sign_recover, verify, verify_recover, wrap, unwrap
  RSA-PKCS-PSS, keySize={2048,2048}, hw, sign, verify
  SHA256-RSA-PKCS-PSS, keySize={2048,2048}, hw, sign, verify
  SHA384-RSA-PKCS-PSS, keySize={2048,2048}, hw, sign, verify
  SHA512-RSA-PKCS-PSS, keySize={2048,2048}, hw, sign, verify
  SHA256-RSA-PKCS, keySize={2048,2048}, hw, sign, verify
  SHA384-RSA-PKCS, keySize={2048,2048}, hw, sign, verify
  SHA512-RSA-PKCS, keySize={2048,2048}, hw, sign, verify
  mechtype-0x252, keySize={112,2048}, sign, verify
  SHA256-HMAC, keySize={112,2048}, sign, verify
  mechtype-0x262, keySize={112,2048}, sign, verify
  SHA384-HMAC, keySize={112,2048}, sign, verify
  mechtype-0x272, keySize={112,2048}, sign, verify
  SHA512-HMAC, keySize={112,2048}, sign, verify
Categories: digital signatureHSM

Related Posts

What is an Identity Proofing Service Provider for QTSPs and CAs?

What is an Identity Proofing Service Provider for QTSPs and CAs? An Identity Proofing Service Provider ‘(IPSP’), also called a Registration Authority (RA), is the entity to which a TSP delegates verification of trust service Read more…

How to create and validate NOM 151 data message preservation constancy in Mexico

Mexico is becoming very fast very advanced digital society. For example most working age people have their personal document signing certificates, all electronic invoices and tax declarations must be signed digitally with the certificate. For Read more…

Summary of Asia PKI Consortium International Symposium 2023

Event took place on 28th of November in Bengaluru and was hosted by eMudhra. Here are a few highlights from presentations given on this event and you can also see the full recording of the Read more…

GDPR Badge BVCER ISO 27001 eIDAS eID Easy Google for Startups