Hi Andreas,

I checked out 0.12.0-svn-r4413. With this version, our cards work again.
In the previous versions (up to release candidate 0.11.14) it seems to be the 
change of flag SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT that caused our problems. 

If you like we can send one of our RUB-Cards to you for testing purposes.

Thanks for your help
Kerstin

-----Original Message-----
From: Andreas Jellinghaus [mailto:a...@dungeon.inka.de] 
Sent: Thursday, June 17, 2010 3:45 PM
To: opensc-devel@lists.opensc-project.org
Cc: Horst, Kerstin
Subject: Re: [opensc-devel] CardOS 4.3

On Thursday, 17 June 2010, at 13:25:42, kerstin.ho...@uv.ruhr-uni-bochum.de wrote:
> Hi,
> 
> thanks for your reply. I will try the code in the trunk next week.
good!

> I already tried the release candidate 0.11.14-rc1. This does not work with
> our cards, we have the same problem as with version 0.11.12 and 0.11.13.

of course. we can't fix the bug unless someone can find out what exactly
is not working.

btw: I assume you have cards initialized with some other software
and try to use them with opensc?

otherwise we would need to know which opensc version was used
to initialize the cards / which to use them.

btw: the code for enabling that "sign_with_decrypt" hack is 
in src/libopensc/pkcs15.c, line 749ff

/* for cardos cards initialized by Siemens: sign with decrypt */
if (strcmp(p15card->card->driver->short_name,"cardos") == 0
    && scconf_get_bool(conf_block, "enable_sign_with_decrypt_workaround", 1)
    && ( strcmp(p15card->manufacturer_id,"Siemens AG (C)") == 0
         || strcmp(p15card->manufacturer_id,"Prime") == 0 ))
        p15card->flags |= SC_PKCS15_CARD_FLAG_SIGN_WITH_DECRYPT;

i.e. make sure:
1.) your manufacturer_id is "Siemens AG (C)" or "Prime"
2.) you have enable_sign_with_decrypt_workaround turned on (default as far as 
I know).
3.) you are debugging a _signing_ operation.
4.) the key usage is both "sign" and "decrypt"

not sure if 4.) matters, but maybe the workaround is only used with that
situation - if key is signing only, it should be used with sign APDU of 
course. but if the software used for personalization got that wrong, we
would need to add extra code to handle such bugs.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
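
The four-point checklist from the message above, written as a stand-alone diagnostic. This is an added example, not OpenSC code and not part of the original thread: struct card_state, the FAIL_*/WARN_* bits and the USAGE_* values are hypothetical names and constructed values. Only the string literals and the option name come from the quoted snippet.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bit names for this example; not OpenSC identifiers. */
enum {
    FAIL_DRIVER       = 1 << 0, /* driver short_name is not "cardos" */
    FAIL_MANUFACTURER = 1 << 1, /* check 1: manufacturer_id mismatch */
    FAIL_CONFIG       = 1 << 2, /* check 2: workaround disabled in config */
    FAIL_NOT_SIGNING  = 1 << 3, /* check 3: operation is not a signature */
    WARN_KEY_USAGE    = 1 << 4  /* check 4: key lacks sign+decrypt usage */
};
enum { USAGE_DECRYPT = 1 << 0, USAGE_SIGN = 1 << 1 }; /* constructed values */

struct card_state {            /* hypothetical stand-in for the real structs */
    const char *driver_short_name;
    const char *manufacturer_id;
    int workaround_enabled;    /* enable_sign_with_decrypt_workaround */
    int is_sign_operation;
    unsigned key_usage;
};

/* Returns 0 when every precondition from the checklist holds. */
unsigned diagnose_sign_with_decrypt(const struct card_state *s)
{
    unsigned r = 0;
    const char *m = s->manufacturer_id;

    if (!s->driver_short_name || strcmp(s->driver_short_name, "cardos") != 0)
        r |= FAIL_DRIVER;
    /* strcmp is exact: case, spacing and trailing blanks all matter. */
    if (!m || (strcmp(m, "Siemens AG (C)") != 0 && strcmp(m, "Prime") != 0))
        r |= FAIL_MANUFACTURER;
    if (!s->workaround_enabled)
        r |= FAIL_CONFIG;
    if (!s->is_sign_operation)
        r |= FAIL_NOT_SIGNING;
    if ((s->key_usage & (USAGE_SIGN | USAGE_DECRYPT)) != (USAGE_SIGN | USAGE_DECRYPT))
        r |= WARN_KEY_USAGE;
    return r;
}

int main(void)
{
    /* Constructed sample: trailing blank in the manufacturer string. */
    struct card_state s = { "cardos", "Siemens AG (C) ", 1, 1, USAGE_SIGN };
    printf("result mask: 0x%x\n", diagnose_sign_with_decrypt(&s));
    return 0;
}
```

A non-zero mask names the checklist items that would keep the sign-with-decrypt flag from being set or used; WARN_KEY_USAGE corresponds to point 4, which the message itself marks as uncertain.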
