Hello!
> 
> we can also add a parameter to opensc.conf to enable/disable the feature in 
> general.

Bad idea. I have a card which has 3 certificates: SigG, Auth, Enc. Unfortunately
the PINs for SigG and Enc are locked, so I can test only Auth.

For computing a digital signature: SigG uses sign (Simon's post), Auth uses
decryption (my card), Enc probably uses decryption.

So, it doesn't work for all certificates.

> any idea how we can improve the logic to find out which cards need this hack
> and which don't? 

Maybe a little emulation.
According to the documentation, the key IDs for the certificates are:
Auth - 0x01, Enc - 0x0085.

So in:

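////
static int
cardos_set_security_env(sc_card_t *card,
                        const sc_security_env_t *env,
                        int se_num)
{
    /* Auth key (0x01) or Enc key (0x0085): sign by using decipher. */
    if (env->key_ref[0] == 0x01 ||
        (env->key_ref_len == 2 &&
         env->key_ref[0] == 0x00 &&
         env->key_ref[1] == 0x85)) {

        /* Note: env is const in this signature, so compilable code
         * would have to apply the override to a local copy. */
        env->operation = SC_SEC_OPERATION_DECIPHER;
        ...
    }
    ...
}
////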


> 
> Regards, Andreas
> 




_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
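
The key-reference check sketched in the message above, as an added, self-contained example (not code from the post or from OpenSC). The `demo_*` type, the `DEMO_OP_*` constants, the function names, the remapping of sign requests only, and the sample references `0x02` and `0x0185` are assumptions made for illustration; it matches references by exact length and returns the operation instead of writing to the `const` environment.

```c
#include <stddef.h>
#include <string.h>
/* Stand-ins for OpenSC's sc_security_env_t and SC_SEC_OPERATION_* (assumed,
 * reduced to the fields used here; not the real header definitions). */
enum { DEMO_OP_DECIPHER = 1, DEMO_OP_SIGN = 2 };
typedef struct {
    int operation;
    unsigned char key_ref[8];
    size_t key_ref_len;
} demo_security_env_t;

/* Key references quoted in the message: Auth = 0x01, Enc = 0x0085. */
static const struct { unsigned char ref[2]; size_t len; } decipher_keys[] = {
    { { 0x01 }, 1 },
    { { 0x00, 0x85 }, 2 },
};

/* Exact match on length and bytes, so a two-byte reference that merely
 * starts with 0x01 is not treated as the Auth key. */
static int key_needs_decipher(const demo_security_env_t *env)
{
    size_t i;
    for (i = 0; i < sizeof decipher_keys / sizeof decipher_keys[0]; i++)
        if (env->key_ref_len == decipher_keys[i].len &&
            memcmp(env->key_ref, decipher_keys[i].ref, env->key_ref_len) == 0)
            return 1;
    return 0;
}

/* env is const in the driver callback, so return the operation to use
 * instead of writing to env. Only SIGN requests are remapped (assumption). */
static int effective_operation(const demo_security_env_t *env)
{
    if (env->operation == DEMO_OP_SIGN && key_needs_decipher(env))
        return DEMO_OP_DECIPHER;
    return env->operation;
}

/* Convenience wrapper for trying key references; -1 if the ref is too long. */
static int demo_op(int op, const unsigned char *ref, size_t len)
{
    demo_security_env_t env = { 0 };
    if (len > sizeof env.key_ref) return -1;
    env.operation = op;
    env.key_ref_len = len;
    memcpy(env.key_ref, ref, len);
    return effective_operation(&env);
}

int main(void) { return demo_op(DEMO_OP_SIGN, (const unsigned char *)"\x01", 1) == DEMO_OP_DECIPHER ? 0 : 1; }
```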
