Hello! > > we can also add a parameter to opensc.conf to enable/disable the feature in > general.
Bad idea. I have card which has 3 certificates: SigG, Auth, Enc. Unfortunately pins for SigG and Enc locked, so I test only Auth. For compute digital signature: SigG use sign (Simon post), Auth use decryption (my card), Enc probably use decryption. So, it doesn't work for all certificates. > any idea how we can improve the logic to find out which cards need this hack > and which don't? Maybe little emulation. Acoording to documentaion, key ids for certificates: Auth - 0x01, Enc - 0x0085. So in: //// static int cardos_set_security_env(sc_card_t *card, const sc_security_env_t *env, int se_num){ if(env->key_ref[0] == 0x01 || env->key_ref_len == 2 && env->key_ref[0] == 0x00 && env->key_ref[1] == 0x85)){ env->operation = SC_SEC_OPERATION_DECIPHER; ... } ... } //// > > Regards, Andreas > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel