On Tuesday, 13 March 2007 17:40, Simon Eisenmann wrote:
> I today received the PINs for my new D-TRUST 2048 Bit signature card
> which seems to use Siemens CardOS 4.3B. I can read the certificates and
> keys from the card using opensc tools perfectly.
>
> Though there is a problem when creating a signature (opensc svn trunk).

a) which version of trunk exactly? what card reader are you using?
we did some changes recently that might break things - but I think
it only affects cards that can only do t=0 with some readers, so it shouldn't
be a problem for you.

so my wild guess is: can that key be used for both signing and decryption
(check with pkcs11-tool or pkcs15-tool)?

cardos doesn't allow that for some stupid reason. in the real world it is needed.
so there are two hacks for this:
a) the opensc hack: store the private key twice - once with key usage sign
and once with key usage decrypt, and then choose the right one.
b) the siemens hack: store the key as decrypt key and use raw rsa decryption
for signing.

we haven't implemented b) yet, but we should add it for compatibility.

> note: When using opensc 0.11.1 the card is not recognized as cardos (ATR
> not in the list of cardos implementation).

yes. we added that atr after 0.11.1.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel