Hi,

while testing the upcoming opensc release 0.11.4 I noticed that D-Trust
2048-bit cards stopped working (Card OS 4.3) and are telling me:

[test] card-cardos.c:427:cardos_select_file: called
[test] card-cardos.c:431:cardos_select_file: returning with: 0
[test] card.c:554:sc_select_file: returning with: 0
[test] pkcs15-sec.c:150:sc_pkcs15_compute_signature: called
[test] pkcs15-sec.c:73:sc_pkcs15_decipher: called
[test] pkcs15-sec.c:80:sc_pkcs15_decipher: This key cannot be used for decryption

I wondered why it should use decryption while creating a signature and
found the following changeset:

http://www.opensc-project.org/opensc/changeset/3223

This is not true for all cardos-based cards and prevents D-Trust 2048
bit cards from creating a signature and the signature key does not allow
decryption. When removing this flag, it works fine.

$ pkcs15-tool -k
Private RSA Key [SigG Signature Key]
        Com. Flags  : 1
        Usage       : [0x204], sign, nonRepudiation


Also there is still the issue with the trial and error code in
card-cardos.c (as RSA_PURE_SIG does not work with these cards).

So right now I have to apply two patches to opensc for support of new
D-Trust 2048 bit signature cards.

Best regards,
Simon



-- 
Simon Eisenmann

[ struktur AG | Kronenstraße 22a | D-70173 Stuttgart ]
[ T. +49.711.896656.68 | F.+49.711.89665610 ]
[ http://www.struktur.de ]