Hello,
On Jan 2, 2011, at 6:24 PM, Viktor TARASOV wrote:
> Martin Paljak wrote:
>>>
>>>
>> This will hold plaintext RSA private key parameters. Why? When importing a
>> private key, the key object should already come from pkcs15-init (or
>> equivalent)?
>>
> 'data.prvkey' is used to pass the key material from 'pkcs15init' to
> 'libopensc' when importing RSA key .
No other driver has the need to use card specific data structures to keep the
extra copy of the key.
This is the API in src/pkcs15init/pkcs15-init.h
int (*store_key)(struct sc_profile *, struct sc_pkcs15_card *,
struct sc_pkcs15_object *,
struct sc_pkcs15_prkey *);
Why using the incoming sc_pkcs15_prkey is not enough?
>> Also, why are there authentic_pkcs15_fix* functions in pkcs15-authentic.c?
>> Why the caller or the driver can't do the "right" think from the start?
>>
> It's difficult to do for 'caller', better do it at the level that have
> an access to PKCS#15 -- 'pkcs15init' or 'pkcs15' in libopensc.
>
> Fix* functions is used when creating new file or SDO, and so, it seems
> natural to implement them in the pkcs15init part.
>
> Example:
> in card profile the 'CHV' method for the ACLs codes is used.
> To encode 'accessControlRules' we need the Pkcs#15 ID of authentication
> object that contains the reference to CHV PIN.
> (For Ias/Ecc card, that is comming soon, to encode ACLs of file or SDO
> the SE number has to be deduced from the CHV number.)
>
> Probably it also could be done at the libopensc level, but for a while I
> would not like to avoid the massive usage of the sc-pkcs15-* functions
> in the card libopensc driver.
OK, reasonable.
--
@MartinPaljak.net
+3725156495
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
