Hi,

> That's a quick (and dirty) hack.

Yes, but seems to do what I want. If more people need this and I have overlooked an official way to configure this it could be implemented i.e. using opensc.conf.

> Could you please supply more details
> what exactly you are trying to do.

I want to run OpenSwan. Using clean opensc, when using key 1 on the card, cert 1 is used; modified opensc now uses cert 2. Haven't seen a way to configure this in OpenSwan. The correct cert should be in use now, the other end of the tunnel (Checkpoint FW-1) sends some '[23] unknown user', will have to look at the firewall-debuglogs for that.

> A NetKey card has 3 keys, 3 read-only
> certificates and 6 empty certificate files where you can store your
> own certificates. It's quite normal that a card has more than one
> certificate per key so you normally don't have a one-to-one mapping
> between key-ids and cert-ids.

http://fluxcoil.net/files/netkey_e4_dump.txt shows the output of pkcs15-tool.

> What happens very often is that your card does not contain public
> keys. In this case the public key corresponding to private key X
> will be extracted from certificate X. This means that for each
> private key there must exist either a public key or a certificate
> with the same ID.

Only certs on the card.

> Your software should be able to use a certificate even if the private
> key that corresponds to your certificate has a different id. If
> you want to use the private key that corresponds to a certificate
> with a certain id do NOT assume that this private key has the
> same id.

Didn't see this config-option in OpenSwan.

Greetings,
Christian.