Re: [Fed-Talk] [EXTERNAL] Smartcard decryption not working under Sonoma
- Subject: Re: [Fed-Talk] [EXTERNAL] Smartcard decryption not working under Sonoma
- From: Ken Hornstein via Fed-talk <email@hidden>
- Date: Wed, 07 Feb 2024 18:25:03 -0500
>There is currently no in-system workaround short of getting both the
>relevant certificate and private key added to the login keychain as you
>said; easier said than done, and your security team may not like you
>doing so. Given the logged error you found, which sounds like more than
>anyone else has been able to find so far, I highly encourage you to open
>an AppleCare Enterprise Support case as I did, so that you can provide
>Apple the relevant information you’ve uncovered; it would benefit us
>all to do so.
Just an update ...
We don't have an AppleCare Enterprise Support account, so I can't submit
a bug report that way. I DID submit a bug report via Feedback Assistant;
in case anyone cares the ID for that is FB13595520. FYI, the error I get
from keychain-pkcs11 is:
    SecKeyCreateDecryptedData failed: Error Domain=NSOSStatusErrorDomain Code=-50
    "RSAdecrypt wrong input (err -13)" (paramErr: error in user parameter list)
    UserInfo={numberOfErrorsDeep=0, NSDescription=RSAdecrypt wrong input (err -13)}
    (-50)
Which ... isn't helpful, I think? However, people may be interested in
knowing that decryption with the RSA-OAEP algorithm works fine! The one
that fails is RSA-PKCS1. That doesn't really help us since nearly everything
out there is encrypted with PKCS#1 padding, but it does suggest to me that
the bug is somewhere in the PKCS#1 padding decoding. I put that in my
bug report (but it sure seems like the formatting is all munged up when
I put it in; sigh).
--Ken
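
For reference alongside the message above, an added example (not part of the original post, and not code from keychain-pkcs11 or Apple): the structural checks that RFC 8017 section 7.2.2 defines for PKCS#1 v1.5 encryption padding, which is the decode step OAEP does not share. The function name, status codes and the 16-byte sample block are constructed for illustration; the example does not claim to identify the Sonoma bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Each status names the first structural check that failed. */
enum eme_status {
    EME_OK = 0,
    EME_BAD_LENGTH,    /* block is not exactly k bytes, or k < 11 */
    EME_BAD_LEAD,      /* first byte is not 0x00 */
    EME_BAD_TYPE,      /* second byte is not 0x02 (encryption block type) */
    EME_NO_SEPARATOR,  /* no 0x00 found after the padding string */
    EME_SHORT_PADDING  /* fewer than 8 nonzero padding bytes */
};

/* EM = 0x00 || 0x02 || PS || 0x00 || M, where em is the raw RSA output and
 * k is the modulus length in bytes. Diagnostic aid only: the early returns
 * are not constant time, so do not use this for production decryption. */
enum eme_status eme_pkcs1_v15_decode(const uint8_t *em, size_t em_len, size_t k,
                                     const uint8_t **msg, size_t *msg_len)
{
    size_t i;
    if (k < 11 || em_len != k) return EME_BAD_LENGTH;
    if (em[0] != 0x00) return EME_BAD_LEAD;
    if (em[1] != 0x02) return EME_BAD_TYPE;
    for (i = 2; i < k && em[i] != 0x00; i++)
        ;                               /* skip the nonzero padding string PS */
    if (i == k) return EME_NO_SEPARATOR;
    if (i - 2 < 8) return EME_SHORT_PADDING;
    *msg = em + i + 1;
    *msg_len = k - i - 1;
    return EME_OK;
}

/* Constructed sample: toy k = 16, nine padding bytes, message "KEY!". */
static const uint8_t SAMPLE_EM[16] = {
    0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
    0x77, 0x88, 0x99, 0x00, 'K', 'E', 'Y', '!' };

int main(void)
{
    const uint8_t *m; size_t n;
    /* A well-formed block decodes; the same block with its leading zero
     * byte dropped (a generic integer-to-bytes pitfall) is rejected. */
    printf("full block: %d\n", eme_pkcs1_v15_decode(SAMPLE_EM, 16, 16, &m, &n));
    printf("leading zero lost: %d\n",
           eme_pkcs1_v15_decode(SAMPLE_EM + 1, 15, 16, &m, &n));
    return 0;
}
```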