On Tuesday 26 April 2011 at 16:38 +0300, Martin Paljak wrote:
> For the sake of purity, I don't think that --list-public-keys should
> display a fake public key object, which does NOT exist on the card in
> relevant PKCS#15 structures. But patches for documentation are most
> welcome.

I understand your point of view.

1) IMHO the public key really exists on card as soon as it derives from the private key. This is the duality of asymmetric key encryption.

2) The discussion whether a public key should exist as an independent object to be listed is secondary. From a user point of view, we should be able to ask "What are all available public keys?". What is important is that users are going to use the public key. Telling users "No there is no public key" because of a technical issue X is nonsense from a usage point of view but also in crypto.

3) Now about your question on deletion: clearly, virtual public keys should not be deleted. You have to delete the private key.

4) To make a comparison, take the example of a driver and a car maker. The car maker believes the car should not include the airbag because the speed limit is 50 km. But drivers are going to drive faster than 50 km as they need to go to work. So should we include an airbag or not? What is important is what users are going to do with the car. So we really need to stick to reality and get the airbag.

The same happens with OpenSC. People are going to use OpenSSH or VPN X/Y and they need to know which public keys they are going to use, quickly. Thinking they can access OpenSC documentation and get education is not the right way to analyse the problem.

Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu