[opensc-devel] Getting modulus without a cert or pubkey?

2009-09-30 Thread Pierre Ossman
Hi,

I'm digging around the innards of the PKCS#11 layer (regarding a
problem I'll discuss later), but there is some inconsistency
between PKCS#15 and PKCS#11 that I'm not able to make sense of.

PKCS#11 requires that you can get CKA_MODULUS on a private key, but
PKCS#15 does not guarantee that the modulus is available on the card as
far as I can tell. Although rare, it seems fully possible to only have
a private key on the card, protected where you cannot extract it.

So how is one supposed to write a PKCS#11 layer for a PKCS#15 card in
this scenario? Right now OpenSC relies on there being either a public
key object or a certificate on the card that corresponds to the private
key, but that does not seem to be guaranteed.

Rgds
-- 
Pierre Ossman            OpenSource-based Thin Client Technology
System Developer         Telephone: +46-13-21 46 00
Cendio AB                Web: http://www.cendio.com


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

[opensc-devel] pkcs15 init, problem with the profile

2009-09-30 Thread Aventra development
Hi!

We are trying to implement the pkcs15 initialization for the MyEID cards and
can’t get it to work.

The current problem is that the ACL definitions are not set correctly
according to how we have set them in the profile file.
The ACL written to the card is always 0, regardless of what the profile has
set.

The MyEID driver’s function that gets called receives the ACL value 0 every
time.
We tried to look at the other drivers’ code, but could not find a solution
there.

Does anybody know where the problem might be?
Do the other drivers work when initializing a card, and is the ACL set
correctly?

Any help would be much appreciated. Otherwise we have to do as many others
and develop our own tool for the initialization.
At this point it feels that that would be much easier than trying to fully
understand why the profile handling does not work.

Regards,
Toni
