Hi,

On Wed, 19 Jul 2006 22:15:24 +0200, Andreas Jellinghaus wrote:

> I'll try to find my old patch and commit it and/or send it to you for
> testing.

So, any news on this? I tried to whip something together myself but
couldn't come up with anything even remotely elegant. Part of the
problem is that I don't know the maximum record length and number of
records.

> one more issue I know of is: they use relative paths, we use absolute
> paths. we had patches for that too, but my ugly hack worked, while
> the cleaner solutions did not, and I never understood why.
> that might be the next issue you can stumble upon.

Indeed. What would be the right way to solve this? IMHO all sc_path_t
should be rewritten to be absolute if they are not, so that we don't
have to find all places where the paths are used and rewrite those. But
then I didn't find any single central place where one could handle path
rewriting so I guess that would have to be done in
sc_pkcs15_decode_prkdf_entry etc. Next fun thing: Find out the basedir
of the PKCS#15 application to which the paths are relative. (Though
I would be content with my simple approach: use the path of EF(ODF) and
strip the final FID.)

Oh, and the fun doesn't stop here. I hacked it up so that at least the
private keys are found and tried pkcs15-crypt --sign. Didn't work.

Turns out that pkcs15-crypt uses CLA=00, INS=2A, P1=9E, P2=9A (COMPUTE
DIGITAL SIGNATURE) for signing to which the card responds with SW=6A81
(Function not supported). I tried the proprietary Siemens code and that
seems to use CLA=00, INS=2A, P1=80, P2=86 (DECIPHER) to do a signature.
(Or at least I think so. I did send a signed mail using the proprietary
PKCS#11 plugin and this (and the accompanying MANAGE SECURITY
ENVIRONMENT commands) were the only security-relevant commands.)

-- 
Henryk Plötz
Greetings from Berlin
~~~~~~~ Un-CDs, no thanks! http://www.heise.de/ct/cd-register/ ~~~~~~~
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
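
The "use the path of EF(ODF) and strip the final FID" approach from the message above, sketched as an added example; this is not OpenSC code and not the poster's patch. The `card_path` struct, `make_path_absolute` and the 16-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_PATH_SIZE 16  /* assumed buffer limit: eight 2-byte FIDs */

/* Hypothetical stand-in for a card path: a sequence of 2-byte file IDs. */
struct card_path {
    unsigned char value[MAX_PATH_SIZE];
    size_t len;
};

/* A path is treated as absolute when it starts at the MF (FID 3F00). */
static int path_is_absolute(const struct card_path *p)
{
    return p->len >= 2 && p->value[0] == 0x3F && p->value[1] == 0x00;
}

/*
 * Rewrite `rel` in place so that it is absolute, using the directory that
 * contains EF(ODF) as the base: take the EF(ODF) path, drop its final FID.
 * Returns 0 on success, -1 on malformed input or if the result will not fit.
 */
int make_path_absolute(const struct card_path *odf, struct card_path *rel)
{
    unsigned char tmp[MAX_PATH_SIZE];
    size_t base_len;

    if (rel->len == 0 || rel->len % 2 != 0 || rel->len > MAX_PATH_SIZE)
        return -1;                  /* paths consist of whole 2-byte FIDs */
    if (path_is_absolute(rel))
        return 0;                   /* already absolute, leave untouched */
    if (!path_is_absolute(odf) || odf->len % 2 != 0 || odf->len < 4
        || odf->len > MAX_PATH_SIZE)
        return -1;                  /* need MF plus at least the ODF FID */

    base_len = odf->len - 2;        /* strip the FID of EF(ODF) itself */
    if (base_len + rel->len > MAX_PATH_SIZE)
        return -1;                  /* card-supplied data must not overflow */

    memcpy(tmp, odf->value, base_len);
    memcpy(tmp + base_len, rel->value, rel->len);
    memcpy(rel->value, tmp, base_len + rel->len);
    rel->len = base_len + rel->len;
    return 0;
}
```

The path bytes come from data read off the card, so the length and parity checks run before any copy.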
