Hi,

Thanks to Yannick Leplard for analyzing and reporting this problem.

In onepin mode, when the first certificate is added to a SC by itself (not through a PKCS12), the ACL of PKCS15-CDF (5015/4404) is set to NONE... If the same certificate is added through a PKCS12, the ACL is correctly set to CHV1. There is no problem with the other xDFs.

This bug is present on MacOSX and on Linux (recent svn), and is not card specific (present on SetCos and CryptoFlex).

A little script to reproduce the bug:
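#!/bin/bash
# Generate a self-signed test certificate and key, then bundle them as a PKCS12
openssl req -new -newkey rsa:1024 -nodes -x509 -keyout test.key -subj /CN=JoTest -out test.pem
openssl pkcs12 -export -out test.p12 -passout pass:test -name JoTest -inkey test.key -in test.pem

# Erase the card and create the PKCS15 structure with the onepin profile
pkcs15-init -T -E
pkcs15-init -T -C -p pkcs15+onepin -l "Test" --pin 1234 --puk 1234

# Store the key and the certificate separately (this path triggers the bug)
pkcs15-init -S test.key -l "Test" -a1 -i 50 --pin 1234
pkcs15-init -X test.pem -l "Test" -a1 -i 50 --pin 1234

# Alternative: store both through the PKCS12 (ACL is then set to CHV1)
#pkcs15-init -S test.p12 -f PKCS12 -a 1 --pin 1234 --passphrase test

# Display the ACL of the PKCS15-CDF (5015/4404)
opensc-explorer <<END
cd 5015
info 4404
quit
END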

Cheers,

Jean-Pierre

--
Dr Jean-Pierre Szikora                   e-mail: [EMAIL PROTECTED]
                                           tel: 32-2-764.75.00
74, av. Hippocrate - UCL 7459               fax: 32-2-764.65.65
1200 Brussels - Belgium                 PGP key: 0x6FCD7405

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
