Hi Peter,

I do not intend to use pkcs15-init to *create* a file system. I just need it to *modify* file content from the PKCS#11 interface.
I wish I could avoid pkcs15-init, but there is no other way, as Viktor confirmed. The OpenSC-PKCS11 always refers to pkcs15-init to do writing/updating.

> The purpose of pkcs15-init is to create a PKCS#15 filesystem layout
> on a card.

In fact, it does more things than just creating a PKCS#15 file system. You can see the sc_pkcs15init_operations struct in the pkcs15-init.h file. It has members "store_key", "generate_key", "emu_store_data" which I may want to use.

> So the only thing pkcs15-init might do is to change the contents of certain
> already existing DOs on an OpenPGP card. And this might happen via
> emulated UPDATE BINARY commands (which would do PUT DATA instead).

Yes, that's what I need from pkcs15-init.

> But changing the contents of DOs on an OpenPGP card is exactly
> what the gpg administration tools do, so why reimplementing this into
> pkcs15-init

Because I want it to be possible to do those administrative things from Firefox/Thunderbird, via PKCS#11. For example, I want to use Firefox to import an X.509 certificate from a *.p12 file to an OpenPGP card. Or when a website uses the Firefox API to generate a key and certificate (like startssl.com), I want the generated certificate to be stored right into the card.

> And I'm afraid that those things that "gpg --edit-card" cannot do
> are impossible to do.
>
> You cannot create a private key file on an OpenPGP card. There are
> 3 of them already on every OpenPGP card and the only thing you can
> do is to replace their contents.
>
> Same situation with certificates: You cannot create them. There's one
> DO on an OpenPGP card meant to store one certificate. You can
> replace its content with a PUT DATA but I don't see any possibility
> to create additional certificates.

Yes, I don't want to create, just want to change. I won't implement the "create" parts in pkcs15-init, just the "update" parts. For the "create" parts, I will redirect them to change existing objects.
If my explanation is not clear, don't hesitate to ask more :). Thanks for your care.

--
Regards,
Quân