Issue 133933 in chromium: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED

[chro...@googlecode.com]

Status: Untriaged
Owner: ----
Labels: Feature-ChromeFrame Type-Bug OS-Windows Pri-2

New issue 133933 by nbranqui...@gmail.com:
ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED
http://code.google.com/p/chromium/issues/detail?id=133933

ChromeFrame version: <from gcf:about:version>

Related URL(s): https://servicos.min-saude.pt/acesso/faces/Login.jsp

Steps to reproduce the issue:
1. Select "Cartão Cidadão" to do login with my smart cart (Citizen card)
2.Chrome asks for certificate and PIN
3.When I click OK at PIN

What do you expect to happen?
Return to page with login done.

What do you see instead?
(Only happens with chrome)
page error:

Esta página Web não está disponível
A página Web em https://servicos.min-saude.pt/cgi-bin/ccUTauth poderá estar
temporariamente inactiva ou poderá ter sido movida permanentemente para um
novo endereço Web.
Erro 141 (net::ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED): Erro desconhecido.

[chro...@googlecode.com]

Updates:
Labels: Internals-Network-SSL Area-Internals

Comment #1 on issue 133933 by rsl...@chromium.org:
ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED
http://code.google.com/p/chromium/issues/detail?id=133933

It sounds like you're trying to use your citizen card/Cartão de Cidadão.

Just to confirm, it looks like
http://en.wikipedia.org/wiki/Citizen_Card_(Portugal) , right?

Do you happen to know the reader you're using (Manufacturer and model #
would be fantastic)!

[chro...@googlecode.com]

Comment #2 on issue 133933 by rsl...@chromium.org:
ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED
http://code.google.com/p/chromium/issues/detail?id=133933

Assuming that I've identified the smart card correctly, based on the
specification for the middleware on
https://www.portaldocidadao.pt/ccsoftware/CC%20Technical%20Reference%20v1.24.1%20PT.pdf ,
it suggests the smart card middleware provider fails to properly implement
CryptGetKeyParam(..., KP_ALGID, ...).

I seem to recall this being required by the Microsoft CSPDK (which has been
removed from Microsoft downloads). It definitely sounds like a bug in the
middleware though. A scan through the pages at
http://www.cartaodecidadao.pt (machine translated from Portuguese ->
English) didn't seem to provide any technical contacts, but as I may have
missed something.


If you do have a technical contact, the following may help them:
One solution would be to run the CryptoAPI Test Suite (
http://www.microsoft.com/en-us/download/details.aspx?id=12093 ) against the
card. It should be possible to run the GUI harness (RunSuite.exe). It would
need to be run against the smart card's CSP (I don't know what the name
would be), the Positive, Negative, and Scenario test cases (Test #'s 1, 2,
3), the API of CryptGetKeyParam & CryptSetHashParam (APIs #13 and #8,
respectively), with a full log file generated (-p), and the smart card flag
passed (-s). Back when I could access the Smart Card Cookbook, we were
fully compliant with the SChannel test suite for smart card auth. I may
have a copy on backup that I can restore somewhere.