Hi, thanks for your reply. I will try the code in the trunk next week. I already tried the release candidate 0.11.14-rc1. This does not work with our cards, we have the same problem as with version 0.11.12 and 0.11.13.
Regards, Kerstin -----Original Message----- From: Andreas Jellinghaus [mailto:a...@dungeon.inka.de] Sent: Monday, June 14, 2010 7:17 PM To: opensc-devel@lists.opensc-project.org Cc: Horst, Kerstin Subject: Re: [opensc-devel] CardOS 4.3 Am Donnerstag 10 Juni 2010, um 13:58:58 schrieb kerstin.ho...@uv.ruhr-uni- bochum.de: > Hi, > > I am working on the SSO- and Signature-Framework at the Ruhr Universität. > We recently tried to upgrade to version 0.11.13 but encountered some > problems with the apdus sent for digital signature operations. CardOS 4.3 > cards provide two commands for the same functionality, PSO_ CDS and > PSO_DEC. Unfortunately in CardOS the usage of the commands depends on the > signature object created on the card. The cards of Ruhr-Universität Bochum > need PSO_DEC (the Siemens approach for key objects that sign and > decipher). Some changes in OpenSC version 0.11.12 resulted in choosing the > PSO_ CDS command instead of PSO_DEC for our cards. opensc 0.11.11 to 0.11.12 - I can't see any big change that affects the sign-with-decrypt hack. but you could try these changes: --- src/libopensc/pkcs15.h (.../opensc-0.11.11) (Revision 4413) +++ src/libopensc/pkcs15.h (.../opensc-0.11.12) (Revision 4413) -#define SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT 0x10 +#define SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT 0x10000000 that was mostly to make it a flag that is run-time configured only and not written to the card. (i.e. the old code wrote the flag to the card, that shouldn't have happened, and any way the new code should read the card code, and then add any internal flags necessary...) > There has already been a posting by Andreas Jellinghaus at 12.March 2010, > "removing --split-key, using decrypt() for signing keys with usage > sign, > decrypt on cardos". I think the proposed solution should fix the issue. > > The last version that works with the cards of Ruhr-Universität Bochum on OS > Windows is 0.11.11. maybe you could try opensc trunk too? I hope that trunk has the best code we can offer for the problem, mostly working like siemens does, but still working with old opensc cards too. Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
