Hi Simon, On Tuesday 04 September 2007 17:05:54 Simon Eisenmann wrote: > while testing the upcoming opensc release 0.11.4 i noticed that D-Trust > 2048bit cards stopped working (Card OS 4.3) and telling me:
thanks for testing! > http://www.opensc-project.org/opensc/changeset/3223 > > This is not true for all cardos based cards and prevents D-Trust 2048 > bit cards from creating a signature and the signature key does not allow > decryption. When removing this flag, it works fine. any idea how we can improve the logic to find out which cards need this hack and which don't? we can also add a parameter to opensc.conf to enable/disable the feature in general. but without patches neither is ready in time for 0.11.4. but we can fix it in 0.11.5. > Also there is still the issue with the trial and error code in > card-cardos.c (as RSA_PURE_SIG does not work with these cards). isn't that a restriction of the card? if a key is signing only it wouldn't be uncommon if it was restricted to payloads much smaller than the key. > So right now i have to apply two patches to opensc for support of new > D-Trust 2048 bit signature cards. the first is undoing change set 3223? what is the second one? Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel