Fails to sign with 4096 bit RSA

[daniel-starke]

I am using a Xiao RP2350 with PicoHSM FW 5.4 as provided in the release notes here.
I am executing the following commands on Windows using OpenSC 0.26.1:
pkcs11-tool -l --pin <mypin> --keypairgen --key-type rsa:4096 --id 1 --label 001
openssl req -x509 -new -nodes -engine pkcs11 -key 31 -keyform engine -out 001.crt -days 9125 -config openssl.cnf -subj "%SUBJ%" -reqexts ca_ext

This, however, fails after sending the APDU for signing:

P:8052; T:2440 2025-03-03 22:28:52.364 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 140. Now computing signature for 51 bytes. 512 bytes reserved.
P:8052; T:2440 2025-03-03 22:28:52.368 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called
P:8052; T:2440 2025-03-03 22:28:52.371 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E
P:8052; T:2440 2025-03-03 22:28:52.375 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called
P:8052; T:2440 2025-03-03 22:28:52.377 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x140, card capabilities 0x80E0E211
P:8052; T:2440 2025-03-03 22:28:52.380 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x140, secure algorithm flags 0x1
P:8052; T:2440 2025-03-03 22:28:52.384 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.387 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000140 alg_info->flags:0x80e0e211 pad:0x00000140 sec:0x00000001
P:8052; T:2440 2025-03-03 22:28:52.391 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called
P:8052; T:2440 2025-03-03 22:28:52.393 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x100, pad algorithm 0x40
P:8052; T:2440 2025-03-03 22:28:52.396 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.399 [opensc-pkcs11] card.c:471:sc_lock: called
P:8052; T:2440 2025-03-03 22:28:52.401 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.404 [opensc-pkcs11] sec.c:108:sc_set_security_env: called
P:8052; T:2440 2025-03-03 22:28:52.406 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.409 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.412 [opensc-pkcs11] sec.c:62:sc_compute_signature: called
P:8052; T:2440 2025-03-03 22:28:52.415 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:8052; T:2440 2025-03-03 22:28:52.417 [opensc-pkcs11] card.c:471:sc_lock: called
P:8052; T:2440 2025-03-03 22:28:52.419 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:8052; T:2440 2025-03-03 22:28:52.422 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:8052; T:2440 2025-03-03 22:28:52.424 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:8052; T:2440 2025-03-03 22:28:52.426 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000330000
P:8052; T:2440 2025-03-03 22:28:52.430 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:8052; T:2440 2025-03-03 22:28:52.433 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit:
Outgoing APDU (521 bytes):
80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 ....010...`.H.e.
04 02 01 05 00 04 20 D7 D4 B4 55 0B 3D 08 E7 CA ...... ...U.=...
0E E4 50 97 50 52 15 0B 5D 9E 00 A3 7C 91 DC 27 ..P.PR..]...|..'
EA 0A 84 7C 33 22 C8 02 00                      ...|3"...

P:8052; T:2440 2025-03-03 22:28:52.479 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:8052; T:2440 2025-03-03 22:28:55.666 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:8052; T:2440 2025-03-03 22:28:55.670 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.674 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.677 [opensc-pkcs11] card.c:523:sc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.679 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.683 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.687 [opensc-pkcs11] card.c:523:sc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.689 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.692 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.698 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.702 [opensc-pkcs11] card.c:523:sc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.704 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:8052; T:2440 2025-03-03 22:28:55.707 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213.
P:8052; T:2440 2025-03-03 22:28:55.710 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:8052; T:2440 2025-03-03 22:28:55.714 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5
P:8052; T:2440 2025-03-03 22:28:55.716 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5
P:8052; T:2440 2025-03-03 22:28:55.719 [opensc-pkcs11] pkcs11-object.c:745:C_Sign: C_Sign() = CKR_GENERAL_ERROR

In Wireshark I can see two things I would expect different (without checking the actual specification):

21:39:22.514397 USB CCID
    Message Type: RDR_to_PC_DataBlock (0x80)
    Packet Length: 0
    Slot: 0
    Sequence: 170
    Status: 128, Status: An ICC is present and active, Status: Time Extension is requested 
    Error: 0
    Chain Parameter: 0

21:39:24.015537	USB CCID
    Message Type: RDR_to_PC_DataBlock (0x80)
    Packet Length: 0
    Slot: 0
    Sequence: 170
    Status: 128, Status: An ICC is present and active, Status: Time Extension is requested 
    Error: 0
    Chain Parameter: 0

21:39:24.193537 USB CCID
    Message Type: RDR_to_PC_DataBlock (0x80)
    Packet Length: 514
    Slot: 0
    Sequence: 170
    Status: 0, Status: An ICC is present and active, Status: Processed without error 
    Error: 0
    Chain Parameter: 0

21:39:24.193537 USB CCID
    Message Type: Unknown (0xbd)

First: The sequence number stays the same. Is that correct?
Second: There is some unknown message type from Pico HSM to PC. What means 0xBD? I can see a lot of 0x55 in other parts, but that does not seems to be an issue.

[polhenarejos]

Can you try with a shorter key like 1024?

[daniel-starke]

1024: OK
2048: OK
3072: FAIL
4096: FAIL

[daniel-starke]

Is there anything else I can do to assist you with the bug fix?

[polhenarejos]

I’ll debug myself. For curiosity, are you generating the 4k key in the device or it’s imported? How nuch time does it take?

[daniel-starke]

I got the 4096 bit key generated from within the device. I am not sure how long that takes. It starts and fails similar to the signing process. However, the result is not important at the USB interface so I can check after a while for the correctly generated key. I suspect that the keep-alive USB function has some issue. I.e. any USB operation taking longer than 1.5s? fails. Fortunately, the key generation does continue in the background :)

[polhenarejos]

Try this snippet and report the result:

echo "This is a test string. Be safe, be secure." > data
pkcs11-tool --read-object --pin 648219 --id 1 --type pubkey > 1.der
openssl rsa -inform DER -outform PEM -in 1.der -pubin > 1.pub
openssl dgst -sha1 -binary -out data.sha1 data
pkcs11-tool --id 1 --sign --pin 648219 --mechanism SHA1-RSA-PKCS -i data -o data.sig
openssl pkeyutl -verify -in data.sha1 -sigfile data.sig -pubin -inkey 1.pub -pkeyopt digest:sha1

[daniel-starke]

> pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:1024 --id 3 --label test
Using slot 0 with a present token (0x0)
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.
> pkcs11-tool --read-object --pin 0815 --id 33 --type pubkey > 1.der
Using slot 0 with a present token (0x0)
> openssl rsa -inform DER -outform PEM -in 1.der -pubin > 1.pub
writing RSA key
> openssl dgst -sha1 -binary -out data.sha1 data
> pkcs11-tool --id 33 --sign --pin 0815 --mechanism SHA1-RSA-PKCS -i data -o data.sig
Using slot 0 with a present token (0x0)
Using signature algorithm SHA1-RSA-PKCS
> openssl pkeyutl -verify -in data.sha1 -sigfile data.sig -pubin -inkey 1.pub -pkeyopt digest:sha1
Signature Verified Successfully

test.zip

[polhenarejos]

Is the key 33 a rsa 4096?

[daniel-starke]

No, 1024 because 4096 fails.
Btw, I am not sure why but keypairgen id 3 is turned into id 33.

[polhenarejos]

So you tried the snippet with a rsa 4096 and failed, right? In which step? Which error?

[daniel-starke]

If you ask me that way... key generation fails for every RSA key size:

P:1388; T:8160 2025-03-12 18:08:00.295 [opensc-pkcs11] pkcs15-sc-hsm.c:116:sc_hsm_create_key: called
P:1388; T:8160 2025-03-12 18:08:00.298 [opensc-pkcs11] pkcs15-sc-hsm.c:117:sc_hsm_create_key: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.301 [opensc-pkcs11] pkcs15-sc-hsm.c:260:sc_hsm_generate_key: called
P:1388; T:8160 2025-03-12 18:08:00.303 [opensc-pkcs11] pkcs15-sc-hsm.c:137:sc_hsm_determine_free_id: called
P:1388; T:8160 2025-03-12 18:08:00.306 [opensc-pkcs11] card.c:559:sc_list_files: called
P:1388; T:8160 2025-03-12 18:08:00.309 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:1388; T:8160 2025-03-12 18:08:00.311 [opensc-pkcs11] card.c:471:sc_lock: called
P:1388; T:8160 2025-03-12 18:08:00.314 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.316 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.319 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.321 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:58, P1:0, P2:0, data(0) 0000000000000000
P:1388; T:8160 2025-03-12 18:08:00.325 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:1388; T:8160 2025-03-12 18:08:00.328 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit:
Outgoing APDU (7 bytes):
80 58 00 00 00 00 00 .X.....

P:1388; T:8160 2025-03-12 18:08:00.332 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.336 [opensc-pkcs11] reader-pcsc.c:337:pcsc_transmit:
Incoming APDU (14 bytes):
C4 00 CC 00 CC 01 CC 02 C4 01 C4 02 90 00 ..............

P:1388; T:8160 2025-03-12 18:08:00.341 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.344 [opensc-pkcs11] apdu.c:539:sc_transmit: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.347 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1388; T:8160 2025-03-12 18:08:00.349 [opensc-pkcs11] card-sc-hsm.c:961:sc_hsm_list_files: returning with: 12
P:1388; T:8160 2025-03-12 18:08:00.352 [opensc-pkcs11] card.c:565:sc_list_files: returning with: 12
P:1388; T:8160 2025-03-12 18:08:00.355 [opensc-pkcs11] pkcs15-sc-hsm.c:149:sc_hsm_determine_free_id: returning with: 3
P:1388; T:8160 2025-03-12 18:08:00.357 [opensc-pkcs11] pkcs15-sc-hsm.c:160:sc_hsm_encode_gakp_rsa: called
P:1388; T:8160 2025-03-12 18:08:00.360 [opensc-pkcs11] pkcs15-sc-hsm.c:172:sc_hsm_encode_gakp_rsa: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.363 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry: encoding 'certificate'
P:1388; T:8160 2025-03-12 18:08:00.367 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry: type=129, tag=0x60001f21, parm=000000000030d110, len=0
P:1388; T:8160 2025-03-12 18:08:00.370 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:  encoding 'certificateBody'
P:1388; T:8160 2025-03-12 18:08:00.374 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:  type=129, tag=0x60001f4e, parm=000000000030d190, len=0
P:1388; T:8160 2025-03-12 18:08:00.378 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'certificateProfileIdentifier'
P:1388; T:8160 2025-03-12 18:08:00.381 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=2, tag=0x40001f29, parm=000000000030d510, len=0
P:1388; T:8160 2025-03-12 18:08:00.385 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=4
P:1388; T:8160 2025-03-12 18:08:00.388 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'certificationAuthorityReference'
P:1388; T:8160 2025-03-12 18:08:00.391 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=19, tag=0x40000002, parm=000000000030d514, len=9
P:1388; T:8160 2025-03-12 18:08:00.395 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=11
P:1388; T:8160 2025-03-12 18:08:00.398 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'publicKey'
P:1388; T:8160 2025-03-12 18:08:00.401 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=129, tag=0x60001f49, parm=000000000030d260, len=0
P:1388; T:8160 2025-03-12 18:08:00.405 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'publicKeyOID'
P:1388; T:8160 2025-03-12 18:08:00.408 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:    type=6, tag=0x06, parm=000000000030d530, len=0
P:1388; T:8160 2025-03-12 18:08:00.411 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=12
P:1388; T:8160 2025-03-12 18:08:00.414 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'primeOrModulus' (not present)
P:1388; T:8160 2025-03-12 18:08:00.417 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.420 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'coefficientAorExponent'
P:1388; T:8160 2025-03-12 18:08:00.423 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:    type=4, tag=0x80000002, parm=0000000001ea70a0, len=3
P:1388; T:8160 2025-03-12 18:08:00.427 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=5
P:1388; T:8160 2025-03-12 18:08:00.430 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'coefficientB' (not present)
P:1388; T:8160 2025-03-12 18:08:00.433 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.437 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'basePointG' (not present)
P:1388; T:8160 2025-03-12 18:08:00.440 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.443 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'order' (not present)
P:1388; T:8160 2025-03-12 18:08:00.446 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.449 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'publicPoint' (not present)
P:1388; T:8160 2025-03-12 18:08:00.452 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.455 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'cofactor' (not present)
P:1388; T:8160 2025-03-12 18:08:00.459 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.462 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:    encoding 'modulusSize'
P:1388; T:8160 2025-03-12 18:08:00.465 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:    type=2, tag=0x02, parm=000000000030d5e0, len=0
P:1388; T:8160 2025-03-12 18:08:00.469 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:    length of encoded item=4
P:1388; T:8160 2025-03-12 18:08:00.472 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=24
P:1388; T:8160 2025-03-12 18:08:00.475 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:   encoding 'certificateHolderReference'
P:1388; T:8160 2025-03-12 18:08:00.478 [opensc-pkcs11] asn1.c:1833:asn1_encode_entry:   type=19, tag=0x40001f20, parm=000000000030d5e4, len=16
P:1388; T:8160 2025-03-12 18:08:00.481 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:   length of encoded item=19
P:1388; T:8160 2025-03-12 18:08:00.485 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:  length of encoded item=61
P:1388; T:8160 2025-03-12 18:08:00.488 [opensc-pkcs11] asn1.c:1828:asn1_encode_entry:  encoding 'signature' (not present)
P:1388; T:8160 2025-03-12 18:08:00.491 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry:  length of encoded item=0
P:1388; T:8160 2025-03-12 18:08:00.494 [opensc-pkcs11] asn1.c:2026:asn1_encode_entry: length of encoded item=64
P:1388; T:8160 2025-03-12 18:08:00.497 [opensc-pkcs11] pkcs15-sc-hsm.c:816:sc_pkcs15emu_sc_hsm_encode_cvc: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.501 [opensc-pkcs11] card.c:1119:sc_card_ctl: called with cmd=1396918273
P:1388; T:8160 2025-03-12 18:08:00.504 [opensc-pkcs11] card-sc-hsm.c:1722:sc_hsm_generate_keypair: called
P:1388; T:8160 2025-03-12 18:08:00.507 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:1388; T:8160 2025-03-12 18:08:00.510 [opensc-pkcs11] card.c:471:sc_lock: called
P:1388; T:8160 2025-03-12 18:08:00.512 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:00.514 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.517 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:1388; T:8160 2025-03-12 18:08:00.519 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:0, INS:46, P1:3, P2:0, data(58) 00000000004e11a6
P:1388; T:8160 2025-03-12 18:08:00.523 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:1388; T:8160 2025-03-12 18:08:00.527 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit:
Outgoing APDU (67 bytes):
00 46 03 00 00 00 3A 5F 29 01 00 42 09 55 54 43 .F....:_)..B.UTC
41 30 30 30 30 31 7F 49 15 06 0A 04 00 7F 00 07 A00001.I........
02 02 02 01 02 82 03 01 00 01 02 02 04 00 5F 20 .............._
10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 .ESPICOHSMTR0000
31 00 00                                        1..

P:1388; T:8160 2025-03-12 18:08:00.537 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:1388; T:8160 2025-03-12 18:08:04.324 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:1388; T:8160 2025-03-12 18:08:04.327 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.332 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.336 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1388; T:8160 2025-03-12 18:08:04.338 [opensc-pkcs11] card-sc-hsm.c:1735:sc_hsm_generate_keypair: APDU transmit failed: -1213 (Unknown data receivedfrom card)
P:1388; T:8160 2025-03-12 18:08:04.342 [opensc-pkcs11] card.c:1129:sc_card_ctl: returning with: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.346 [opensc-pkcs11] pkcs15-sc-hsm.c:338:sc_hsm_generate_key: returning with: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.350 [opensc-pkcs11] pkcs15-lib.c:1618:sc_pkcs15init_generate_key: Failed to generate key: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.355 [opensc-pkcs11] pkcs15-lib.c:1681:sc_pkcs15init_generate_key: returning with: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.359 [opensc-pkcs11] framework-pkcs15.c:3493:pkcs15_gen_keypair: sc_pkcs15init_generate_key returned -1213
P:1388; T:8160 2025-03-12 18:08:04.363 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:1388; T:8160 2025-03-12 18:08:04.366 [opensc-pkcs11] pkcs15-lib.c:435:sc_pkcs15init_unbind: called
P:1388; T:8160 2025-03-12 18:08:04.369 [opensc-pkcs11] pkcs15-lib.c:436:sc_pkcs15init_unbind: Pksc15init Unbind: 0:0000000000552540:1
P:1388; T:8160 2025-03-12 18:08:04.373 [opensc-pkcs11] card.c:523:sc_unlock: called
P:1388; T:8160 2025-03-12 18:08:04.375 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:1388; T:8160 2025-03-12 18:08:04.378 [opensc-pkcs11] pkcs11-global.c:415:C_Finalize: C_Finalize()
P:1388; T:8160 2025-03-12 18:08:04.381 [opensc-pkcs11] ctx.c:1042:sc_cancel: called
P:1388; T:8160 2025-03-12 18:08:04.383 [opensc-pkcs11] reader-pcsc.c:784:pcsc_cancel: called
P:1388; T:8160 2025-03-12 18:08:04.385 [opensc-pkcs11] slot.c:191:card_removed: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0: card removed
P:1388; T:8160 2025-03-12 18:08:04.389 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x0)
P:1388; T:8160 2025-03-12 18:08:04.393 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 1
P:1388; T:8160 2025-03-12 18:08:04.396 [opensc-pkcs11] pkcs11-session.c:109:sc_pkcs11_close_session: real C_CloseSession(0x4dad70)
P:1388; T:8160 2025-03-12 18:08:04.399 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:1388; T:8160 2025-03-12 18:08:04.402 [opensc-pkcs11] framework-pkcs15.c:2000:pkcs15_logout: Clearing PIN state without calling sc_logout()
P:1388; T:8160 2025-03-12 18:08:04.406 [opensc-pkcs11] framework-pkcs15.c:1778:pkcs15_release_token: pkcs15_release_token() not implemented
P:1388; T:8160 2025-03-12 18:08:04.409 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x1)
P:1388; T:8160 2025-03-12 18:08:04.413 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
P:1388; T:8160 2025-03-12 18:08:04.417 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x2)
P:1388; T:8160 2025-03-12 18:08:04.420 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
P:1388; T:8160 2025-03-12 18:08:04.423 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x3)
P:1388; T:8160 2025-03-12 18:08:04.426 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
P:1388; T:8160 2025-03-12 18:08:04.430 [opensc-pkcs11] pkcs15.c:1387:sc_pkcs15_unbind: called
P:1388; T:8160 2025-03-12 18:08:04.432 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:1388; T:8160 2025-03-12 18:08:04.435 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:04.438 [opensc-pkcs11] card.c:414:sc_disconnect_card: called
P:1388; T:8160 2025-03-12 18:08:04.441 [opensc-pkcs11] reader-pcsc.c:677:pcsc_disconnect: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0:SCardDisconnect returned: 0x00000000
P:1388; T:8160 2025-03-12 18:08:04.445 [opensc-pkcs11] card.c:434:sc_disconnect_card: returning with: 0 (Success)
P:1388; T:8160 2025-03-12 18:08:04.448 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:1388; T:8160 2025-03-12 18:08:04.451 [opensc-pkcs11] reader-pcsc.c:971:pcsc_finish: called
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.

Same each (example above for 1024 bit):

• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:1024 --id 3 --label test
• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:2048 --id 3 --label test
• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:3072 --id 3 --label test
• pkcs11-tool -l --pin 0815 --keypairgen --key-type rsa:4096 --id 3 --label test

However, it completes in the background after a while. But usually, the device needs to be plugged again after that to work correctly.

[daniel-starke]

Just for reference:
If I do all the steps here with the 4096 bit RSA key it fails at:
pkcs11-tool --id 31 --sign --pin 0815 --mechanism SHA1-RSA-PKCS -i data -o data.sig
with the following error:

P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] framework-pkcs15.c:4297:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x6.
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] reader-pcsc.c:692:pcsc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.863 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 240. Now computing signature for 20 bytes. 512 bytes reserved.
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x240, card capabilities 0x80E0E211
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x240, secure algorithm flags 0x1
P:4060; T:2008 2025-03-12 21:09:55.864 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000240 alg_info->flags:0x80e0e211 pad:0x00000240 sec:0x00000001
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x200, pad algorithm 0x40
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.865 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:108:sc_set_security_env: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] sec.c:62:sc_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:55.866 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000100000
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:4060; T:2008 2025-03-12 21:09:55.867 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: 
Outgoing APDU (521 bytes):
80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 ....0!0...+.....
00 04 14 CC CE FE AB DC E3 EC 74 1D 23 39 B4 88 ..........t.#9..
04 4A 43 B6 39 A3 D6 02 00                      .JC.9....

P:4060; T:2008 2025-03-12 21:09:55.870 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.055 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.056 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213.
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:09:59.057 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] pkcs11-object.c:745:C_Sign: C_Sign() = CKR_GENERAL_ERROR
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:378:sc_pkcs11_sign_init: called
P:4060; T:2008 2025-03-12 21:09:59.058 [opensc-pkcs11] mechanism.c:383:sc_pkcs11_sign_init: mechanism 0x6, key-type 0x0
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] misc.c:268:session_start_operation: called
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] misc.c:269:session_start_operation: Session 0x4cae30, type 1
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] mechanism.c:505:sc_pkcs11_signature_init: called
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4751:pkcs15_prkey_can_do: called
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4752:pkcs15_prkey_can_do: check hardware capabilities: CK_MECHANISM_TYPE=0x6 (CKM) and CKF_xxx=0x800
P:4060; T:2008 2025-03-12 21:09:59.059 [opensc-pkcs11] framework-pkcs15.c:4760:pkcs15_prkey_can_do: returning with: 84
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] mechanism.c:559:sc_pkcs11_signature_init: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] mechanism.c:412:sc_pkcs11_sign_init: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:697:C_SignInit: C_SignInit() = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:270:C_GetAttributeValue: Object 30960544: CKA_CLASS = CKO_PRIVATE_KEY
P:4060; T:2008 2025-03-12 21:09:59.060 [opensc-pkcs11] pkcs11-object.c:294:C_GetAttributeValue: C_GetAttributeValue(hSession=0x4cae30, hObject=0x1d86ba0) = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] pkcs11-object.c:270:C_GetAttributeValue: Object 30960544: CKA_ALWAYS_AUTHENTICATE = FALSE
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] pkcs11-object.c:294:C_GetAttributeValue: C_GetAttributeValue(hSession=0x4cae30, hObject=0x1d86ba0) = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] mechanism.c:422:sc_pkcs11_sign_update: called
P:4060; T:2008 2025-03-12 21:09:59.061 [opensc-pkcs11] misc.c:290:session_get_operation: called
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:569:sc_pkcs11_signature_update: called
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:570:sc_pkcs11_signature_update: data part length 43
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:574:sc_pkcs11_signature_update: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] mechanism.c:438:sc_pkcs11_sign_update: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] pkcs11-object.c:767:C_SignUpdate: C_SignUpdate() = CKR_OK
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] misc.c:290:session_get_operation: called
P:4060; T:2008 2025-03-12 21:09:59.062 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] framework-pkcs15.c:4034:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:654:sc_pkcs11_signature_size: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:490:sc_pkcs11_sign_size: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:448:sc_pkcs11_sign_final: called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] misc.c:290:session_get_operation: called
P:4060; T:2008 2025-03-12 21:09:59.063 [opensc-pkcs11] mechanism.c:589:sc_pkcs11_signature_final: called
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] framework-pkcs15.c:4297:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x6.
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] reader-pcsc.c:692:pcsc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.064 [opensc-pkcs11] framework-pkcs15.c:4443:pkcs15_prkey_sign: Selected flags 240. Now computing signature for 20 bytes. 512 bytes reserved.
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] pkcs15-sec.c:615:sc_pkcs15_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] pkcs15-sec.c:668:sc_pkcs15_compute_signature: supported algorithm flags 0x80E0E211, private key usage 0x2E
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:701:sc_get_encoding_flags: called
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:705:sc_get_encoding_flags: iFlags 0x240, card capabilities 0x80E0E211
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:766:sc_get_encoding_flags: pad flags 0x240, secure algorithm flags 0x1
P:4060; T:2008 2025-03-12 21:09:59.065 [opensc-pkcs11] padding.c:767:sc_get_encoding_flags: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] pkcs15-sec.c:739:sc_pkcs15_compute_signature: DEE flags:0x00000240 alg_info->flags:0x80e0e211 pad:0x00000240 sec:0x00000001
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:624:sc_pkcs1_encode: called
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:630:sc_pkcs1_encode: hash algorithm 0x200, pad algorithm 0x40
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] padding.c:654:sc_pkcs1_encode: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.066 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:108:sc_set_security_env: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card-sc-hsm.c:1069:sc_hsm_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:112:sc_set_security_env: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] sec.c:62:sc_compute_signature: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] apdu.c:550:sc_transmit_apdu: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card.c:471:sc_lock: called
P:4060; T:2008 2025-03-12 21:09:59.067 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:515:sc_transmit: called
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:80, INS:68, P1:1, P2:20, data(512) 0000000000100000
P:4060; T:2008 2025-03-12 21:09:59.068 [opensc-pkcs11] reader-pcsc.c:327:pcsc_transmit: reader 'Pol Henarejos Pico Key CCID OTP FIDO Interfac 0'
P:4060; T:2008 2025-03-12 21:09:59.069 [opensc-pkcs11] reader-pcsc.c:328:pcsc_transmit: 
Outgoing APDU (521 bytes):
80 68 01 20 00 02 00 00 01 FF FF FF FF FF FF FF .h. ............
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 ....0!0...+.....
00 04 14 CC CE FE AB DC E3 EC 74 1D 23 39 B4 88 ..........t.#9..
04 4A 43 B6 39 A3 D6 02 00                      .JC.9....

P:4060; T:2008 2025-03-12 21:09:59.072 [opensc-pkcs11] reader-pcsc.c:245:pcsc_internal_transmit: called
P:4060; T:2008 2025-03-12 21:10:02.256 [opensc-pkcs11] reader-pcsc.c:334:pcsc_transmit: unable to transmit
P:4060; T:2008 2025-03-12 21:10:02.256 [opensc-pkcs11] apdu.c:380:sc_single_transmit: unable to transmit APDU: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] apdu.c:518:sc_transmit: transmit APDU failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.257 [opensc-pkcs11] card-sc-hsm.c:1121:sc_hsm_compute_signature: APDU transmit failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.258 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.258 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.259 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.259 [opensc-pkcs11] pkcs15-sec.c:779:sc_pkcs15_compute_signature: use_key() failed: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] pkcs15-sec.c:792:sc_pkcs15_compute_signature: returning with: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] card.c:523:sc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.260 [opensc-pkcs11] reader-pcsc.c:734:pcsc_unlock: called
P:4060; T:2008 2025-03-12 21:10:02.261 [opensc-pkcs11] framework-pkcs15.c:4451:pkcs15_prkey_sign: Sign complete. Result -1213.
P:4060; T:2008 2025-03-12 21:10:02.261 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: -1213 (Unknown data received from card)
P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] mechanism.c:608:sc_pkcs11_signature_final: returning with: 5
P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] mechanism.c:465:sc_pkcs11_sign_final: returning with: 5
P:4060; T:2008 2025-03-12 21:10:02.262 [opensc-pkcs11] pkcs11-object.c:809:C_SignFinal: C_SignFinal() = CKR_GENERAL_ERROR
P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] pkcs11-global.c:415:C_Finalize: C_Finalize()
P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] ctx.c:1042:sc_cancel: called
P:4060; T:2008 2025-03-12 21:10:02.263 [opensc-pkcs11] reader-pcsc.c:784:pcsc_cancel: called
P:4060; T:2008 2025-03-12 21:10:02.264 [opensc-pkcs11] slot.c:191:card_removed: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0: card removed
P:4060; T:2008 2025-03-12 21:10:02.264 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x0)
P:4060; T:2008 2025-03-12 21:10:02.265 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 1
P:4060; T:2008 2025-03-12 21:10:02.265 [opensc-pkcs11] pkcs11-session.c:109:sc_pkcs11_close_session: real C_CloseSession(0x4cae30)
P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] framework-pkcs15.c:2000:pkcs15_logout: Clearing PIN state without calling sc_logout()
P:4060; T:2008 2025-03-12 21:10:02.266 [opensc-pkcs11] framework-pkcs15.c:1778:pkcs15_release_token: pkcs15_release_token() not implemented
P:4060; T:2008 2025-03-12 21:10:02.267 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x1)
P:4060; T:2008 2025-03-12 21:10:02.267 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x1) 0
P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x2)
P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x2) 0
P:4060; T:2008 2025-03-12 21:10:02.268 [opensc-pkcs11] slot.c:501:slot_token_removed: slot_token_removed(0x3)
P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs11-session.c:145:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x3) 0
P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs15.c:1387:sc_pkcs15_unbind: called
P:4060; T:2008 2025-03-12 21:10:02.269 [opensc-pkcs11] pkcs15-pin.c:851:sc_pkcs15_pincache_clear: called
P:4060; T:2008 2025-03-12 21:10:02.270 [opensc-pkcs11] misc.c:72:sc_to_cryptoki_error_common: libopensc return value: 0 (Success)
P:4060; T:2008 2025-03-12 21:10:02.270 [opensc-pkcs11] card.c:414:sc_disconnect_card: called
P:4060; T:2008 2025-03-12 21:10:02.271 [opensc-pkcs11] reader-pcsc.c:677:pcsc_disconnect: Pol Henarejos Pico Key CCID OTP FIDO Interfac 0:SCardDisconnect returned: 0x00000000
P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] card.c:434:sc_disconnect_card: returning with: 0 (Success)
P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] ctx.c:1066:sc_release_context: called
P:4060; T:2008 2025-03-12 21:10:02.272 [opensc-pkcs11] reader-pcsc.c:971:pcsc_finish: called
error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)
Aborting.