Andreas Jellinghaus <aj <at> dungeon.inka.de> writes: > > you can either: > a) store the key for decryption only, see the --key-usage parameter to > pkcs15-init. > b) store the key as split key: opensc will store the keys twice, once for > signing and once for decryption, and magically choose the right one. > add "--split-key" option to pkcs15-init > c) the siemens approach: the key is stored as decryption key, and signatures > are created using raw rsa. siemens hipath software initializes cards this > way. opensc does not support this hack yet, we can neither create nor use > cards initialized like this.
Thanks, for answer rich in content. I work with opensc throw Windows CSP (extansion of csp11) on PKCS11 level with ready for using card. So I can't use pkcs15-init.exe tool. I tried use sc_pkcs15init_store_split_key instead of sc_pkcs15init_store_private_key in pkcs15_gen_keypair but it fail also :( Maybe, is a way set it throw configuration profile, or throw C_* function? _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
