Hmm. My vague memory tells me that with some cards you generate a private key, and only then, right after generating, you get the public key as the response. So it needs to be saved right away as an RSA public key object, or a certificate signing request needs to be generated, else you can't download the public key again.
But maybe it was only a very strange card or library, and I guess usually it is not the case. I too expect that most software library + card combinations will have RSA public keys, and even if not, that you can get the public parts from the private key object (maybe a login is required first). I only wanted to note that some strange software/card might be quite limited and cause problems.

My advice would be: if people had a certificate on the card, the public key can be read from that. If not, maybe there is an RSA public key that can be used as the source. If not, maybe the RSA secret key will give you the public key details. I'm not sure if the extra work for those two "if not" cases is worth the work, but our pam_p11 bug we had these days shows that users expect a card to work without certificates, even though that is very strange for us developers.

Regards, Andreas

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel