On Thu, 12 Apr 2007 07:43, [EMAIL PROTECTED] said: > Looks like it is still impossible to generate certificate request for > encryption-only key. > > Is it needs to be fixed and which way?
For cards which enforce the use of the decryption key you can't do that with client software. You need the help of the CA software. The straightforward way to implement this is by signing the pkcsc#10 using a signing certificate issued to the same subject DN as the requested encryption certificiate. Afaik, cryptlib supports this. Shalom-Salam, Werner _______________________________________________ opensc-devel mailing list [EMAIL PROTECTED] http://www.opensc-project.org/mailman/listinfo/opensc-devel
