Fre 13 Nov 2009 15:39:20 CET - [opensc-pkcs11] pkcs11-
object.c:43:C_CreateObject: C_CreateObject(): CKA_VALUE =
308205C4308204ACA003020102021000870336DB6598889B16367306D4782330
Fre 13 Nov 2009 15:39:20 CET - [opensc-pkcs11] card.c:285:sc_lock: called
Fre 13 Nov 2009 15:39:20 CET - [opensc-pkcs11] card.c:668:sc_card_ctl: called
Fre 13 Nov 2009 15:39:20 CET - [opensc-pkcs11] card-
cardos.c:925:cardos_lifecycle_set: called
C_CreateObject was called to store a certificate.
Then cardos_lifecycle_set is called.
cardos_lifecycle_set seems only be called from cardos_card_ctl with
SC_CARDCTL_LIFECYCLE_SET as parameter.
sc_pkcs15init_set_lifecycle(sc_card_t *card, int lcycle)
return sc_card_ctl(card, SC_CARDCTL_LIFECYCLE_SET, &lcycle);
ah, here it is called. looks like the only caller to me.
This again is called from pkcs15init/pkcs15-lib.c and pkcs15-cardos.c
in several places.
So, the cards Marc and Freddy have should work well for their purpose
(storing a certificate), even if the lifecycle can't be changed.
Marc/Freddy: can you recompile opensc yourself, and edit src/libopensc/card-
cardos.c (look for cardos_lifecycle_set and make it return
SC_ERROR_NOT_SUPPORTED) - then try again storing a certificate.
if that works, we can figure out a cleaner way to implement a workaround
for your cards. for example if you change your card ATR (as you mentioned),
it can be used to detect your cards. or those SigG components you mentioned -
the card driver could see if they are on the card and if so enable swisssign
mode.
Regards, Andreas
p.s. send a new opensc debug log file with those changes, so we can see
what fails next - lifecycle is only the first issue isolated so far.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
