Andreas Jellinghaus wrote:
is this correct? applications are best of to extract the public key from a cert and look for a private key with the same public key.
this of course only works if the public key information is stored within the private key object and that is not necessarily the case (as it would waste space)
the assumption certificate id -> private key id might work as well, but might also not work in other situations (for example two certificates with the same key - thus one has an id mismatch).
"certificate id -> private key" still works but not necessesarily "private key id -> certificate" (but in case of certificates you normally search for a certificate with certain attributes anyway (i.e. a cert for authentication etc.)).
I guess we would do good, if we had a wiki page with suggestions for developers how to integrate smart cards and example code.
agree (open a ticket ? pkcs15 or pkcs11 or both ?) Cheers, Nils _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
