yubico-piv-tool: Unable to generate signature with RSA-PKCS-PSS mechanism
Hello,
I have YubiKey 5 and I am trying to generate signature with RSA-PKCS-PSS
mechanism with following command:
pkcs11-tool --module /usr/local/lib/libykcs11.dylib -s -m RSA-PKCS-PSS --hash-algorithm SHA256 --mgf MGF1-SHA256 --input-file test.txt.sha256 --output-file test.txt.signature
but I am getting following error:
Using signature algorithm RSA-PKCS-PSS
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=32 B
error: PKCS11 function C_SignUpdate failed: rv = CKR_FUNCTION_FAILED (0x6)
Aborting.
I would appreciate some help, thank you in advance.
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 16 (2 by maintainers)
Glad it’s working for you.
Note, that it’s not Y5 that supports PSS (directly) - it’s the current master of OpenSC, or alternatively - a combination of OpenSC, libp11, and OpenSSL. As you saw, I demonstrated the same PSS capability with Y4 (and it works with Y NEO). It also supports OAEP in the same way.