yubico-piv-tool: Unable to generate signature with RSA-PKCS-PSS mechanism

Hello,

I have YubiKey 5 and I am trying to generate signature with RSA-PKCS-PSS mechanism with following command:

pkcs11-tool --module /usr/local/lib/libykcs11.dylib  -s -m RSA-PKCS-PSS --hash-algorithm SHA256 --mgf MGF1-SHA256 --input-file test.txt.sha256 --output-file test.txt.signature

but I am getting following error:

Using signature algorithm RSA-PKCS-PSS
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=32 B
error: PKCS11 function C_SignUpdate failed: rv = CKR_FUNCTION_FAILED (0x6)
Aborting.

I would appreciate some help, thank you in advance.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 16 (2 by maintainers)

Most upvoted comments

So, Y5 support PSS

Glad it’s working for you.

Note, that it’s not Y5 that supports PSS (directly) - it’s the current master of OpenSC, or alternatively - a combination of OpenSC, libp11, and OpenSSL. As you saw, I demonstrated the same PSS capability with Y4 (and it works with Y NEO). It also supports OAEP in the same way.

+1
mouse07410 on Apr 14, 2019
Read more comments on GitHub
← yubico-piv-tool: SSH keygen errors (unable to sign keys)
yubico-piv-tool: ykcs11 performance problem →