Decrypt initialization returns 99

Hi,

When I try to decrypt a message in Java I get the following
error in the
Debug-Logfile of OpenSC:

pkcs11-object.c:723:C_DecryptInit: Decrypt initialization
returns 99

After running OpenSC's pkcs11-tool I found a test which
states the
private key cannot be used for decryption. But why is this
so? Isn't
this the whole point of a private key on a smart card, being
able
to create signatures plus decryption? Please enlighten me.
At the
moment, I read through the PKCS#11 spec but I guess it won't
help
me much in understanding the problem.

Here is the output of pkcs11-tool -t:

---------snip---------
dennist41p:~$ pkcs11-tool -t --pin 0000
C_SeedRandom() and C_GenerateRandom():
  not implemented
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only RSA signatures)
  testing key 0 (Private Key) 
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
Verify (currently only for RSA):
  testing key 0 (Private Key)
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
Key unwrap (RSA)
  testing key 0 (Private Key)  -- can't be used to unwrap,
skipping
Decryption (RSA)
  testing key 0 (Private Key)  -- can't b
e used to decrypt, skipping
Testing card detection
Please press return to continue, x to exit: 
---------snip---------

For my environment, here it is: OpenSC (with pcsc-lite). My
smartcard is the G&D Starcos SPK 2.3, my reader the
Reiner SCT pinpad
pro (a). I have created the PKCS#15 structure on the card
via OpenSC's
pkcs15-init tool, created the private/public keys and
uploaded a
certificate.

Dennis
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user