On Tue, 2010-08-31 at 18:40 +0200, Viktor TARASOV wrote: > Andre Zepezauer wrote: > > On Mon, 2010-08-30 at 15:19 +0200, Viktor TARASOV wrote: > > > >> Aventra development wrote: > >> > >>> The 1K key generation works nicely, but we are having a problem > >>> generating a 2K key using OpenSC 0.11.13 and our own MyEID card. > >>> > >>> OpenSC correctly finds a new file id and creates the file, and after > >>> that it tries to store the key to that file. > >>> > >>> The issue is that the created file’s size is only 1024 bytes, so the > >>> card will answer with 67 00 (Wrong length). > >>> > >>> Some code in OpenSC decides to create the wrong sized file, but I have > >>> not been able to find it. > >>> > >>> Now I’m curious that, does other cards work when generating (or just > >>> loading) 2048 byte keys? > >>> > >>> > >> For me, to generate the 2048 bits key on the Aventra card, > >> the following path was needed to be applied to the OpenSC trunk. > >> > >> If no objection, I'll commit this patch to trunk. > >> > > > > Hello Viktor, > > > > I would write the check for supported modulus length a bit more generic. > > But it's functional the same like yours, because myeid supports only > > 1024 and 2048 bit (at least the driver does). Therefore it doesn't > > matter a lot. > > > > #include "internal.h" > > > > pkcs15init/pkcs15-myeid.c:513 > > /* check that the card supports the requested modulus length */ > > if (_sc_card_find_rsa_alg(p15card->card, keybits) == NULL) > > SC_TEST_RET(ctx, LEVEL, ERROR, MSG); > > > > Agree, it's much better. > I hope that Toni (maintainer of myEID driver) have no objections. > > > On the other hand it would be fine to give a good example, because > > someone may want to copy+paste your code. See copy+paste in the card > > drivers [1]. > > > > The same check also occurs in line 427, 514, 574, 637. And interestingly > > _always_ some lines below there is the following conditional assignment: > > if (file->size < 1024) > > file->size = 1024; > > > > Will you prepare the patch?
Haven't the required hardware, therefore testing isn't possible to me. But if someone would send me some pieces of these cards, I could do it myself the next time. > > Regards > > Andre > > > > Kind wishes, > Viktor. > > > [1]http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014615.html > > > > > > > > > > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
