Hi Viktor,

Thanks for your guide, but...

On 05/21/2012 09:00 PM, Viktor Tarasov wrote:
> 5015 comes from your pkcs15init profile
> https://github.com/hongquan/OpenSC-OpenPGP/commit/9b2ea7689b461c31b7ffda736d2c9dc332491562#L1R59
> where your crypto objects are put inside the 'DF PKCS15-AppDF'.
>
> Path for this DF is not defined in openpgp profile,
> so, it takes it from the upper profile -- pkcs15.profile.
> https://github.com/hongquan/OpenSC-OpenPGP/blob/openpgp/src/pkcs15init/pkcs15.profile#L135
>
> Never tried it myself, but you can try the openpgp profile without
> 'PKCS15-AppDF'.

I removed the PKCS15-AppDF from the openpgp.profile (see my attachment) and brought the "template key-domain" block up to right under "DF MF", but pkcs15-init still fills 5015 into the path:

0xb72236c0 09:33:58.561 [pkcs15-init] pkcs15-lib.c:1530:sc_pkcs15init_store_certificate: Store cert(Certificate,ID:707d8f9e04a18d5e7a4b3c3adebe8124cda8c310,der(0x9dd82a0,753))
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:1720:sc_pkcs15init_store_data: called
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2274:select_object_path: called
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2299:select_object_path: key-domain.certificate @3f005015 (auth_id.len=0)
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:691:sc_profile_instantiate_template: Instantiating template key-domain at 3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated private-key at 3f0050155f48
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated public-key at 3f0050157f49
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated certificate at 3f0050157f21
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated privdata at 3f0050150101
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2321:select_object_path: instantiated template path 3f0050157f21
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2350:select_object_path: returns object path '3f0050157f21'
...
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:528:sc_pkcs15init_delete_by_path: trying to delete '3f0050157f21'
0xb72236c0 09:33:58.562 [pkcs15-init] card.c:571:sc_select_file: called; type=2, path=3f0050157f21
0xb72236c0 09:33:58.562 [pkcs15-init] card-openpgp.c:714:pgp_select_file: called
0xb72236c0 09:33:58.562 [pkcs15-init] card-openpgp.c:739:pgp_select_file: returning with: -1201 (File not found)

Or is the layout with PKCS15-AppDF mandatory from the pkcs15 view? If yes, I will consider changing the emulated file system layout in the OpenPGP driver.

@Peter Marschall: You and I are both working on OpenPGP. What do you think about changing the emulated file layout? What should I do to avoid breaking too much of the code base?

> If you are going to use the common pkcs15 and pkcs15init framework,
> you have to fill at least the 'write' handle with the meaningful actions.
> https://github.com/hongquan/OpenSC-OpenPGP/blob/openpgp/src/libopensc/card-openpgp.c#L827
> Inside this handle the 'PUT DATA' or else can be used -- it
> doesn't matter.

Thanks.

--
Regards,
Quân
#
# PKCS15 profile, generic information.
# This profile is loaded before any card specific profile.
#
cardinfo {
    min-pin-length = 6;
    # max length should be overridden in the per-card profile
    max-pin-length = 12; # To be defined
}

# Default settings.
# This option block will always be processed.
option default {
    macros {
        protected = *=$SOPIN, READ=NONE;
        unprotected = *=NONE;
        so-pin-flags = local, initialized, soPin;
        so-min-pin-length = 8;
        so-pin-attempts = 3;
        so-auth-id = FF;
        odf-size = 256;
        aodf-size = 256;
        cdf-size = 512;
        prkdf-size = 256;
        pukdf-size = 256;
        dodf-size = 256;
    }
}

# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# for the user pin; that is done dynamically.
PIN user-pin {
    attempts = 3;
    flags = local, initialized;
}
PIN so-pin {
    auth-id = $so-auth-id;
    attempts = $so-pin-attempts;
    min-length = $so-min-pin-length;
    flags = $so-pin-flags;
}

filesystem {
    DF MF {
        path = 3F00;
        type = DF;

        # This template defines files for keys, certificates etc.
        #
        # When instantiating the template, each file id will be
        # combined with the last octet of the object's pkcs15 id
        # to form a unique file ID.
        template key-domain {
            # This is a dummy entry - pkcs15-init insists that
            # this is present
            EF private-key {
                file-id = 5F48;
                ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
            }

            # public keys
            EF public-key {
                file-id = 7F49;
                structure = transparent;
                ACL = *=NEVER, READ=NONE, UPDATE=$PIN, ERASE=$PIN;
            }

            # Certificate template
            EF certificate {
                file-id = 7F21;
                structure = transparent;
                ACL = *=NEVER, READ=NONE, UPDATE=$PIN, ERASE=$PIN;
            }

            # private data objects are stored in transparent EFs.
            EF privdata {
                file-id = 0101;
                structure = transparent;
                ACL = *=NEVER, READ=$PIN, UPDATE=$PIN, ERASE=$PIN;
            }
        }
    }
}
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel