On Wednesday, 23. May 2012, Peter Koch wrote:
> Hi Quân
> 
> [ ... ]
> So the only thing pkcs15-init might do is to change the contents of certain
> already existing DOs on an OpenPGP card. And this might happen via
> emulated UPDATE BINARY commands (which would do PUT DATA instead).
With CREATE / WRITE / UPDATE commands properly emulated,
it might even work with them (i.e. they'd need to map to PUT DATA somehow).
Of course this would only work with opensc, not with pure APDUs sent.

> But changing the contents of DOs on an OpenPGP card is exactly
> what the gpg administration tools do, so why reimplementing this into
> pkcs15-init
Because it
* looks possible ;-)
* helps to better understand PC/SC, opensc, gpg, ...
* is fun
* may improve opensc's PKCS#* support for OpenPGP cards
* ...

> And I'm afraid that those things that "gpg --edit-card" cannot do
> are impossible to do.
How can one write a certificate to an OpenPGP card using gpg?
What about the DOs 0101 - 0104?

> You cannot create a private key file on an OpenPGP card. There are
> 3 of them already on every OpenPGP card and the only thing you can
> do is to replace their contents.
For the physical layer you're absolutely right.
But why shouldn't it be possible on the emulated logical layer?
By opensc's abstraction mechanism we have more freedom here.

> Same situation with certificates: You cannot create them. There's one
> DO on an OpenPGP card meant to store one certificate. You can
> replace its content with a PUT DATA but I don't see any possibility
> to create additional certificates.
Ditto

I consider Quân's goal a very honorable one.
Even if we do not reach 100% compatibility, his work should be honored.

> Peter
Ditto ;-)

-- 
Peter Marschall
pe...@adpm.de
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
