Hi,
> This kind of card contains more than one certificate that correspond
> to the same private key and now all these certificates will be given the
> same ID (namely the ID of the corresponding private key).
> IS THAT CORRECT BEHAVIOUR ????

There are no papers describing the NetkeyE4 standard in this detail? So we are just concluding on it from seeing it implemented? Maybe the cards here do not follow NetkeyE4 correctly, how would we notice? I wonder how you will conclude on the correct private key from looking at the cert.

> If yes - how is pkcs15-tool -r <ID> supposed to work if the given
> ID is non-unique.

Looks like one would need another vector/number to describe, i.e. using ID 1.1 or something.

I have an idea for a different implementation: leave the current counting of certs as it is. When an application tries to use a cert with an ID that has no private key with the same ID, decrease the ID until we hit the ID of an existing private key. That way I could still address all certs on the card, which is a problem at the moment with the dirty hack. OpenSwan should a) ask for the cert with ID 2 and get it, and b) ask for private key ID 2 and get it.

I have no clue about smartcards, don't take me too seriously ;)

Greetings,
Christian.

_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
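The ID fallback proposed in the message above, next to the shared-ID scheme it replies to, as an added example (not part of the original mail and not OpenSC code). The function names, the integer IDs and the card layout are assumptions made for illustration; real PKCS#15 IDs are byte strings.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample layout (not read from a real card): private keys have
 * IDs 2 and 4; certificates keep their own counting 2..5, so certs 2,3
 * belong to key 2 and certs 4,5 to key 4. Integer IDs are a simplification. */
static const unsigned key_ids[]  = { 2, 4 };
static const unsigned cert_ids[] = { 2, 3, 4, 5 };
#define N_KEYS  (sizeof key_ids / sizeof key_ids[0])
#define N_CERTS (sizeof cert_ids / sizeof cert_ids[0])

static int key_exists(unsigned id)
{
    for (size_t i = 0; i < N_KEYS; i++)
        if (key_ids[i] == id)
            return 1;
    return 0;
}

/* Fallback lookup (hypothetical helper): start at the certificate's ID and
 * count down until a private key with that ID exists. Returns 0 if no key
 * is found at or below cert_id. */
unsigned key_for_cert(unsigned cert_id)
{
    for (unsigned id = cert_id; id > 0; id--)
        if (key_exists(id))
            return id;
    return 0;
}

/* Shared-ID scheme: every certificate is relabelled with its key's ID.
 * Returns how many certificates would then answer to `id`, i.e. how
 * ambiguous a lookup by ID alone becomes. */
size_t certs_sharing_id(unsigned id)
{
    size_t n = 0;
    for (size_t i = 0; i < N_CERTS; i++)
        if (key_for_cert(cert_ids[i]) == id)
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < N_CERTS; i++)
        printf("cert %u -> key %u\n", cert_ids[i], key_for_cert(cert_ids[i]));
    printf("certs sharing ID 2: %zu\n", certs_sharing_id(2));
    return 0;
}
```

The countdown ties a certificate to a key by numbering alone, so a certificate stored without its own key would be matched to the nearest lower key ID. A caller that cares about the binding should still compare the certificate's public key with the key object's public key.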
