Nils Larsch wrote:
that's not surprising. old cardos cards couldn't sign and decrypt with the same key
Do you mean that new cardos cards don't have this limit? From what version? Is anyone aware of the reason of this limit?
and for these keys it was necessary to create signature with the DECIPHER command. One could implement a workaround in the cardos driver that would try to create a signature with the decipher command if the COMPUTE SIGNATURE doesn't work.
The same workaround could be implemented in the keypair generation process, in such a way that all-purpose key generation operation will be converted to decipher-only key generation if the first fails. This will fix mozilla PKCS#11 keypair generation with cardos cards.
-- Alessandro
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
