Dear Andre,

> it would be nice, if you could provide some more information about the
> card you are working on. What I'm interested in is: If there are keys on
> the card which are usable for signing but not for decrypting or vice
> versa (in context of pkcs11/15)? And if so, is the pkcs1 padding for
> these keys added/removed by the card or is it done in the library?

Yes. The main key can be used by policy for both signing and encryption/decryption, but the card won't accept the CDS command, so that at the driver level, the key can only be used for encryption/decryption. IIRC the padding is performed by the library; the card blindly encrypts the given block (but, always IIRC, does require that the block is PKCS #1 compliant).

> The point is, that I'm having a local patch for the cardos driver that
> works without the try-and-fail hack and doesn't even need the NEED_USAGE
> mechanism. It works perfectly for me but isn't a general solution yet.
> Depending on the keys on your card it could be helpful for you too.

It could be definitely helpful. Thank you very much!

--
Emanuele