Hello, 2011/4/26 Jean-Michel Pouré - GOOZE <jmpo...@gooze.eu>: > Le mardi 26 avril 2011 à 08:23 +0300, Martin Paljak a écrit : >> pkcs15-tool is a (G)UI as well. And to my knowledge it does what it >> advertises. > Now, we come to the point: > * pkcs15-tool --list-public-keys > returns nothing > > * pkcs15-tool --read-public-key c81e42ceda0bc1d65c9051b0eb8679e29dd6c067 > returns the public key
This is because of http://www.opensc-project.org/opensc/browser/trunk/src/tools/pkcs15-tool.c#L649 > From a user point of view, this is an inconsistency. > > In my previous emails, I was suggesting that pkcs15-tool > --list-public-keys may return all usable keys, even when public objects > don't exist on card. The shortest fix is adding proper documentation about what --read-public-key does, and that it makes a shortcut to the certificate if it does not find a public key object with the given ID. Generic education (instead of application feature) that certificates contain public keys does not hurt anyone either I think. Fetching a public key from a certificate is already a convenience feature. For the sake of purity, I don^t think that --list-public-keys should display a fake public key object, which does NOT exist on the card in relevant PKCS#15 structures. but patches for documentation are most welcome. Martin _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel