Hi,

I'm digging around the innards of the PKCS#11 layer (regarding a
problem I'll discuss later), but there is some inconsistency
between PKCS#15 and PKCS#11 that I'm not able to make sense of.

PKCS#11 requires that you can get CKA_MODULUS on a private key, but
PKCS#15 does not guarantee that the modulus is available on the card as
far as I can tell. Although rare, it seems fully possible to only have
a private key on the card, protected where you cannot extract it.

So how is one supposed to write a PKCS#11 layer for a PKCS#15 card in
this scenario? Right now OpenSC relies on there being either a public
key object or a certificate on the card that corresponds to the private
key, but that does not seem to be guaranteed.

Rgds
-- 
Pierre Ossman            OpenSource-based Thin Client Technology
System Developer         Telephone: +46-13-21 46 00
Cendio AB                Web: http://www.cendio.com

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
