Yes, sure. By parsing EF(PukDF) and EF(PrivkDF) on Ceres and DNIe cards, I've found that they use the same EF to store public and private keys (by storing together modulus, public, and private exponent), so direct retrieval of public keys (as "pkcs15-tool --read-public-key ID" does) fails with an obvious "Not Allowed" error... The only way to extract public keys is by means of reading certificates.
I have a simple patch for pkcs15-tool that looks for certificates when "Not allowed" is received, but I'm not sure if this is the best way to solve this... Apart from that, this solves the pkcs15-tool app, but not others (i.e. "ssh -I pkcs11-module"). I can send it to you if interested, but it seems so dirty...

Is this "feature" common to other cards? If true, what is the correct way to make "pkcs15-tool --read-public-keys" and similar apps work?

Juan Antonio
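The certificate fallback described in the message above, shown as a wrapper script; this is an added example, not part of the original post and not the patch or OpenSC code. It assumes the certificate carries the same PKCS#15 ID as the key and that pkcs15-tool exits non-zero when the read is refused; `read_pubkey`, `PKCS15_TOOL` and `OPENSSL` are hypothetical names.

```shell
# Added example (not OpenSC code): obtain a public key from a card whose
# public key object cannot be read directly, by falling back to the certificate.
# PKCS15_TOOL and OPENSSL are overridable (hypothetical variable names).
PKCS15_TOOL="${PKCS15_TOOL:-pkcs15-tool}"
OPENSSL="${OPENSSL:-openssl}"

# read_pubkey ID: print the PEM public key for PKCS#15 object ID on stdout.
# Returns 0 on success, 1 if neither key nor certificate is readable, 2 on misuse.
read_pubkey() {
    id="$1"
    [ -n "$id" ] || { echo "usage: read_pubkey ID" >&2; return 2; }

    # 1. Direct read of the public key object; on Ceres/DNIe this is refused
    #    because the EF also holds the private exponent.
    if key=$("$PKCS15_TOOL" --read-public-key "$id" 2>/dev/null) && [ -n "$key" ]; then
        printf '%s\n' "$key"
        return 0
    fi

    # 2. Fallback: read the certificate (assumed to share the key's ID) and
    #    extract its SubjectPublicKeyInfo.
    cert=$("$PKCS15_TOOL" --read-certificate "$id" 2>/dev/null) || return 1
    [ -n "$cert" ] || return 1
    printf '%s\n' "$cert" | "$OPENSSL" x509 -pubkey -noout
}
```

As the message notes, a wrapper like this only helps callers that go through it; applications using the PKCS#11 module directly are unaffected.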