
pkcs15-init: key generation and import for OpenPGP Card with different algorithms #1432

Closed
alex-nitrokey opened this issue Jul 19, 2018 · 11 comments

Comments

@alex-nitrokey
Contributor

alex-nitrokey commented Jul 19, 2018

Problem Description

It is currently not possible to use pkcs15-init for generating and/or importing keys with attributes which are not i) the default (rsa/2048) or ii) previously set with other tools.

Thus, if one wants to generate e.g. a rsa/4096 key on a factory-reset OpenPGP Card, pkcs15-init will fail with:

$ pkcs15-init --delete-objects privkey,pubkey --id 3 --generate-key rsa/4096 --auth-id 3 --verify
Using reader with a card: Nitrokey Nitrokey Pro (0000320E0000000000000000) 00 00
User PIN required.
Please enter User PIN [Admin PIN]: 
NOTE: couldn't find privkey 03 to delete
NOTE: couldn't find pubkey 03 to delete
Deleted 0 objects
Failed to generate key: Not supported

As a workaround users need to generate a similar key with openpgp-tool first, to make sure that the correct algorithm is set (e.g. openpgp-tool --verify CHV3 --pin 12345678 --gen-key 3 --key-len 4096). The import/creation of keys with pkcs15-init is possible afterwards.

The algorithm at stake is checked here and here against a list of compatible algorithms for this card. The problem is that this list is not correct. Instead it seems to be a known default (rsa/2048) and the currently set value as extracted through this code. Contrary to what is stated in the comment, it does not extract the supported available algorithms, but the currently set one.

Please read 4.4.3.7 of the specification which states

The content of the DO is optionally changeable (announced in Extended Capabilities) with PUT DATA. This is useful if the card supports several algorithms or different key length. The attributes can be changed independent for each key, so it is possible for example to use different key length for signing and decrypting. A card should reject unsupported values in the DO. The supported values are manufacturer specific, please ask your card vendor for the correct parameters if the card supports changing of the attributes.

Proposed Resolution

I think pkcs15-init either needs a correct list of all compatible algorithms for the cards or should just try to set the requested algorithm.

The second option appears to be already done by openpgp-tool. It works just fine because of the fact that a card should (and does) reject incompatible algorithms anyway. For example, an OpenPGP Card v3 does not accept rsa/1024 (other than v2), thus the output is:

openpgp-tool --verify CHV3 --pin 12345678 --gen-key 3 --key-len 1024
Using reader with a card: Nitrokey Nitrokey Pro (00005F120000000000000000) 00 00
Failed to generate key. Error Incorrect parameters in APDU.

I'd love to create a PR, but I had problems understanding the code to realize the first approach, and the second approach is related to checks in pkcs15-lib.c that are used by too many cards. I don't dare to touch this and I'd be happy about tips on how I could fix this limitation :-)

PS: This issue is in some ways related to #1011

@frankmorgner
Member

Is that really needed? why not use gnupg for initialization?

The problem is that if you don't (find someone who) touch(es) the source code, probably nobody ever will.

@hongquan, what do you think?

@hongquan
Contributor

I remember pkcs15-init can initialize an OpenPGP card with a 4096-bit key.

Could you please produce more verbose log?

@alex-nitrokey
Contributor Author

Sure, here is a log.

Is that really needed? why not use gnupg for initialization?

Well, that surely depends on how you like to see it. Why should one install gnupg just for initialization although it is not used afterwards? This issue is definitely not high priority, but having this working is surely much more convenient and less confusing for users...

The problem is that if you don't (find someone who) touch(es) the source code, probably nobody ever will.

Therefore I asked for a hint on what needs to be done and what pitfalls there probably are, so that I might manage to do it myself, but I totally see that this is like fixing it yourself, so never mind.

@hongquan
Contributor

I'm reading the log.

Actually, last time I worked on OpenPGP, it was not necessary to use gnupg to initialize the card. Before I joined, the OpenPGP support for OpenSC was not complete, that's why people had to use gnupg to initialize the card. But I already fixed that.

@hongquan
Contributor

@alex-nitrokey Ok, from the log

0x7fa164191780 16:30:46.069 [pkcs15-init] card.c:401:sc_lock: called
0x7fa164191780 16:30:46.069 [pkcs15-init] reader-pcsc.c:612:pcsc_lock: called
0x7fa164191780 16:30:46.069 [pkcs15-init] card-openpgp.c:2895:pgp_card_reader_lock_obtained: called
0x7fa164191780 16:30:46.069 [pkcs15-init] card-openpgp.c:2922:pgp_card_reader_lock_obtained: returning with: 0 (Success)
0x7fa164191780 16:30:46.069 [pkcs15-init] card.c:441:sc_lock: returning with: 0 (Success)
0x7fa164191780 16:30:46.069 [pkcs15-init] pkcs15-lib.c:1445:sc_pkcs15init_generate_key: called
0x7fa164191780 16:30:46.069 [pkcs15-init] pkcs15-lib.c:2355:check_keygen_params_consistency: returning with: -1408 (Not supported)
0x7fa164191780 16:30:46.069 [pkcs15-init] pkcs15-lib.c:1450:sc_pkcs15init_generate_key: Invalid key size: -1408 (Not supported)
0x7fa164191780 16:30:46.069 [pkcs15-init] card.c:451:sc_unlock: called
0x7fa164191780 16:30:46.069 [pkcs15-init] reader-pcsc.c:662:pcsc_unlock: called
Failed to generate key: Not supported
0x7fa164191780 16:30:46.074 [pkcs15-init] pkcs15-lib.c:430:sc_pkcs15init_unbind: called
0x7fa164191780 16:30:46.074 [pkcs15-init] pkcs15-lib.c:431:sc_pkcs15init_unbind: Pksc15init Unbind: 0:0x55d6c8166d30:1

It is that the parameter (of key size 4096) was rejected right from the pkcs15-lib layer, not even touching the underlying openpgp card driver (implemented by me).

So, it may come from the behavior of pkcs15 that I noted:

There is a limitation: pkcs15-init requires the new key length to be the same as the existing key. To generate a key with a different key length, openpgp-tool is recommended.

One more note:

In order to import 4096 bit RSA keys, the Nitrokey may need to be initialized with a 4096 bit RSA key beforehand (e.g. via GnuPG). Otherwise, you may experience an “Invalid key size” error.

So, to use pkcs15-init, your Nitrokey must already have a 4096 key. You can generate the key with OpenSC openpgp-tool, or GnuPG.

@alex-nitrokey
Contributor Author

Hey @hongquan ,

thank you for your help!

I am basically quite aware of the workaround and the reasons for this behaviour. I opened this issue for fixing this limitation of pkcs15-init. So while I've seen that "pkcs15-init requires new key length to be the same as existing key", I was wondering how I could change this so that pkcs15-init works straight away...

@hongquan
Contributor

Ok. I misunderstood your intention. Thank you.

@alex-nitrokey
Contributor Author

I created a solution which works fine. Please have a look here. I wasn't sure if I am supposed to create a PR right away and want to ask here first.

I basically added all supported algorithms. Right now only the existing algorithm settings are saved in the card capabilities instead.

Glad to hear your opinion!
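The mechanism discussed in this thread (the algorithm attributes DO from spec section 4.4.3.7 being read to learn the currently set key size, and pkcs15-lib refusing key generation before the card is asked when the requested size is not in the card's advertised list) is modelled in the following added example. It is not OpenSC's code and not the patch linked above; the struct and function names, the constructed DO byte strings and the two-entry size table are this example's own assumptions. It contrasts a list built only from the known default plus the current DO with a list built from every size the card model supports, which is the change the comment above describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALG_RSA  0x01   /* algorithm ID for RSA in the algorithm attributes DO */
#define MAX_ALGS 8

/* Hypothetical model of a card's advertised algorithm list; these names are
 * this example's own, not OpenSC's sc_algorithm_info/sc_card structures. */
struct alg_info {
    unsigned int algorithm;
    unsigned int key_length;   /* RSA modulus length in bits */
};

struct card_caps {
    struct alg_info algs[MAX_ALGS];
    size_t count;
};

/* Constructed RSA algorithm attributes DOs (spec 4.4.3.7 layout):
 * byte 0 algorithm ID, bytes 1-2 modulus bits, bytes 3-4 exponent bits,
 * byte 5 import format. 0x0800 = 2048, 0x1000 = 4096, e = 32 bits. */
const uint8_t ATTR_DO_RSA2048[] = {0x01, 0x08, 0x00, 0x00, 0x20, 0x00};
const uint8_t ATTR_DO_RSA4096[] = {0x01, 0x10, 0x00, 0x00, 0x20, 0x00};

/* Returns the modulus length from an RSA algorithm attributes DO, or 0 when
 * the DO is too short or not RSA, so a malformed DO never becomes an entry. */
unsigned int parse_rsa_attr_keybits(const uint8_t *d, size_t len)
{
    if (d == NULL || len < 6 || d[0] != ALG_RSA)
        return 0;
    return ((unsigned int)d[1] << 8) | d[2];
}

/* Adds (alg, bits) once; rejects a zero key size and a full table. */
int caps_add(struct card_caps *c, unsigned int alg, unsigned int bits)
{
    size_t i;
    if (bits == 0)
        return -1;
    for (i = 0; i < c->count; i++)
        if (c->algs[i].algorithm == alg && c->algs[i].key_length == bits)
            return 0;
    if (c->count >= MAX_ALGS)
        return -1;
    c->algs[c->count].algorithm = alg;
    c->algs[c->count].key_length = bits;
    c->count++;
    return 0;
}

/* Models the host-side consistency check seen in the log: generation is only
 * attempted when the card's list contains the requested (alg, bits). */
int keygen_params_supported(const struct card_caps *c, unsigned int alg, unsigned int bits)
{
    size_t i;
    for (i = 0; i < c->count; i++)
        if (c->algs[i].algorithm == alg && c->algs[i].key_length == bits)
            return 1;
    return 0;
}

/* "Before": only the known default (2048) plus whatever size the algorithm
 * attributes DO currently carries, as the issue describes. */
void caps_from_current_do(struct card_caps *c, const uint8_t *attr_do, size_t len)
{
    memset(c, 0, sizeof *c);
    caps_add(c, ALG_RSA, 2048);
    caps_add(c, ALG_RSA, parse_rsa_attr_keybits(attr_do, len));
}

/* "After": every size the card model supports. This table is constructed from
 * the thread (2048 and 4096 work; 1024 is rejected by a v3 card), not from a
 * vendor document; a real driver would take it from the manufacturer. */
const unsigned int V3_RSA_SIZES[] = {2048, 4096};

void caps_from_supported_list(struct card_caps *c, const unsigned int *sizes, size_t n)
{
    size_t i;
    memset(c, 0, sizeof *c);
    for (i = 0; i < n; i++)
        caps_add(c, ALG_RSA, sizes[i]);
}

int check_with_current_do(const uint8_t *attr_do, size_t len, unsigned int req_bits)
{
    struct card_caps c;
    caps_from_current_do(&c, attr_do, len);
    return keygen_params_supported(&c, ALG_RSA, req_bits);
}

int check_with_full_list(unsigned int req_bits)
{
    struct card_caps c;
    caps_from_supported_list(&c, V3_RSA_SIZES, sizeof V3_RSA_SIZES / sizeof V3_RSA_SIZES[0]);
    return keygen_params_supported(&c, ALG_RSA, req_bits);
}

int main(void)
{
    /* Factory-reset card: the DO says 2048, so rsa/4096 is refused on the host
     * before the card is asked; that is the "Not supported" from the issue. */
    printf("current DO only, rsa/4096: %s\n",
           check_with_current_do(ATTR_DO_RSA2048, sizeof ATTR_DO_RSA2048, 4096) ? "ok" : "Not supported");
    /* With the full list, rsa/4096 passes the host check and rsa/1024 still does not. */
    printf("full list, rsa/4096: %s\n", check_with_full_list(4096) ? "ok" : "Not supported");
    printf("full list, rsa/1024: %s\n", check_with_full_list(1024) ? "ok" : "Not supported");
    return 0;
}
```

The host-side list is a convenience filter, not the authority: as the quoted spec text says, the card itself rejects unsupported attribute values, so the worst outcome of an over-broad list is a clean APDU error like the one shown for rsa/1024 on a v3 card, while an under-populated list blocks sizes the card would have accepted.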

@alex-nitrokey
Contributor Author

Now, opensc-tool --list-algorithms actually lists all available algorithms, too.

@hongquan
Contributor

Looks good. But the Gnuk card only supports 1 algorithm.

@alex-nitrokey
Contributor Author

Thanks for the heads up! I wasn't aware of that.
Did a PR (#1442)
