Christian Horn wrote:
...
If yes - how is pkcs15-tool -r <ID> supposed to work if the given
ID is non-unique.
Looks like one would need an other vector/number to describe, i.e.
ising ID 1.1 or something.
I have an idea for a different implementation: leave the current counting
of certs as it is. When an application tries to use cert with an ID that
has no private key with the same ID decrease the ID until we hit the ID
of an existing private key. That way i could still address all certs on
the card, which is a problem at the moment with the dirty hack.
OpenSwan should a) ask for the cert with ID 2 and get it, and b) ask
for privatekey ID 2 and get it.
this would require a changes in every application using libopensc
(including pkcs11), hence not a good idea :)
Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
