Hi,

I would like to advance ticket #151; this ticket needs clarification of the 'Sign by Decryption' status.

As it is actually implemented, sign-by-decrypt uses, at the card level, the same command as for the 'PSO DEC' operation. Probably it works for other cards, but not for CardOS. (I use CardOS v4.3B and the manual 'CardOS v4.2B User's Manual 09/2005'.)

To use sign-by-decrypt, this card needs a distinct 'algo-id' when creating the key ('RSA' instead of the 'RSA_PURE' currently used by the card driver), and a distinct APDU when getting the signature. For a CardOS card there is no means to get the 'algo-id' of an existing key, and the pkcs15 attributes are the only source of this value.

As for me, the most evident way to support sign-by-decrypt for CardOS is to enrich the 'security environment' with the 'algo-id', to store this value in the private data of the card driver for the period between 'set_security_env' and 'decipher', and finally to divert to the card-specific 'SIGN BY DECRYPTION KEY' procedure.

Another way is to implement the common 'sign-by-decrypt' handlers, but, as for me, it's not yet completely justified.

I wonder if CardOS maintainers or CardOS users are interested in such an enhancement; otherwise I propose to change the type of the ticket from 'defect' to 'enhancement'.

Kind wishes,
Viktor.