Hi Peter,

On Sun, Mar 25, 2007 at 11:42:23AM +0200, Peter Koch wrote:
> What's going on is that some TCOS based cards have optional keys.
> So when the pkcs15-tcos.c tries to detect a card it looks for the
> mandatory keys. For the SmartCard Classic I assumed that the
> signature key is contained in every SmartCard Classic.

Well, I should have told you before, but there actually is another
certificate (at DF20C500) which I've ignored since it has the issuer
field set to `C=DE, O=DATEV eG, CN=CA DFUE_VPN 1' and made me think that
it's only needed when connecting to their data processing center...

The other certificates are issued by `C=DE, O=Zertifizierungsstelle
E:Secure, CN=CA E:SECURE 5' which is covered by the BNetzA root
certificate, whereas the DF20C500 one is not.

The CA certificate `DFUE_VPN 1' is available from DF20C008.

CA Cert: http://brokenpipe.de/misc/chipcard/datevcard-cert-df20c008.txt
My Cert: http://brokenpipe.de/misc/chipcard/datevcard-cert-df20c500.txt

I think the key is stored at DF205371, but I don't know how to register
it in keylist[]. What should I fill in as key_reference?

> I'm sure your card has a signature key too but Datev must have
> changed its location.

Have a look at the output of `opensc-tool -f' at
http://brokenpipe.de/misc/chipcard/datevcard-files.txt

At least I can't find another certificate.

The certificate at DF02C500 has the key usage field set to `Digital
Signature' by the way. I don't know whether this is true for the other
DATEV cards you know of, especially for the authentication cert (0x47).

> When did you buy your card? 

I got it last week, and it's not valid before March 16, 2007.

cheers,
  stesie

-- 
www.taxbird.de - the free ELSTER client
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
