Frederic Detienne wrote:
...
C_FindObjectsFinal ()

(the question is whether pkcs15-tool is supposed to rely on pkcs#11 to
display all those objects, and if not, how it is supposed to do).

if pkcs15-tool is asked to return the certificate objects with
a certain attribute (in this case the id) it should return all
objects that have the attribute.


back to the original question, then: how ? What is the pure pkcs#15 API
that lets one do this ? (in fact, it has to be an openct or pcsc/lite
api).

sorry but what exactly do you want? pkcs15 doesn't define an API,
opensc offers an API for the pkcs15 objects (the opensc pkcs15 api)
and as far as openct/pcsc-lite is concerned: do you really want
a sequence of raw APDUs (as this is what is given to these APIs) ?

actually it's not that odd. For example cardos m4 smartcards normally
only allow either signing or decryption with a specific key, hence in
order to be able to use a key for both operations you need two copies
of this key (with different attributes)


ah but then, the ID has to be different. I do not know for decryption
but Authentication should have ID=45 and Signing should have ID=46.

no, they must have the same [key] id and according to the pkcs11
recommendation the id would be more likely the SHA-1 digest of
the public key (but of course 45 is easier to enter on the command
line)

Cheers,
Nils
