On Wed, 2010-10-06 at 13:08 -0500, Douglas E. Engert wrote:
>
> On 10/6/2010 12:11 PM, Andre Zepezauer wrote:
> > Hello Douglas,
> >
> >> One of the operations I need for the PIV card is to get the public
> >> key from the certificate, as pubkey needs to be emulated for these cards.
> >
> > Please could you explain, why it is required to extract the public key
> > from the certificate within OpenSC. I know that other emulators do it,
> > but I don't know why.
>
> The PIV card does not contain separate pubkey or privkey objects. It has
> private keys, but you can only refer to them by using the APDU P1 and P2.
> Where P2 is the key reference, and P1 is the algorithm identifier:
>   05 = RSA-3072
>   06 = RSA-1024
>   07 = RSA-2048
>   11 = EC-prime256v1
>   14 = EC-secp384r1
> See NIST 800-78-2 tables 6.1 and 6.2
>
> So the only way to figure out what P1 should be is to read the certificate
> and get the pubkey and its sizes.

According to NIST 800-73-3 Part 1 / Appendix C "PIV Algorithm Identifier Discovery" Correct?
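
Added example (not from the thread and not OpenSC code): deriving P1 from the public key in a certificate, as the quoted message describes, by reading the key type and size out of the DER SubjectPublicKeyInfo. The function names and sample bytes are constructed here, the P1 values are assumed to be hexadecimal, and the SubjectPublicKeyInfo is assumed to have been extracted from the certificate already.

```python
# P1 values as listed in the quoted message, read as hexadecimal (assumption).
OID_RSA = bytes.fromhex("2a864886f70d010101")              # rsaEncryption
OID_EC = bytes.fromhex("2a8648ce3d0201")                   # id-ecPublicKey
EC_CURVE_P1 = {bytes.fromhex("2a8648ce3d030107"): 0x11,    # prime256v1
               bytes.fromhex("2b81040022"): 0x14}          # secp384r1
RSA_BITS_P1 = {3072: 0x05, 1024: 0x06, 2048: 0x07}

def der_tlv(buf, pos, tag):
    """Return (value, next_pos) for the DER TLV at pos, rejecting bad input."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos:pos + length], pos + length

def piv_p1_from_spki(spki):
    """Map a DER SubjectPublicKeyInfo to the P1 algorithm identifier."""
    body, _ = der_tlv(spki, 0, 0x30)               # SubjectPublicKeyInfo
    alg, after_alg = der_tlv(body, 0, 0x30)        # AlgorithmIdentifier
    oid, after_oid = der_tlv(alg, 0, 0x06)
    p1 = None
    if oid == OID_EC:                              # curve OID is the parameter
        curve, _ = der_tlv(alg, after_oid, 0x06)
        p1 = EC_CURVE_P1.get(curve)
    elif oid == OID_RSA:                           # size comes from the modulus
        bits, _ = der_tlv(body, after_alg, 0x03)   # BIT STRING
        if not bits or bits[0] != 0:
            raise ValueError("unexpected unused-bits octet")
        key, _ = der_tlv(bits, 1, 0x30)            # RSAPublicKey
        modulus, _ = der_tlv(key, 0, 0x02)
        p1 = RSA_BITS_P1.get(len(modulus.lstrip(b"\x00")) * 8)
    if p1 is None:
        raise ValueError("no algorithm identifier for this key type or size")
    return p1

# Constructed samples: genuine DER framing around placeholder key material.
SAMPLE_P256 = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d03010703420004") + bytes(64)
SAMPLE_RSA2048 = bytes.fromhex(
    "30820122300d06092a864886f70d01010105000382010f003082010a0282010100"
) + b"\x80" + bytes(255) + bytes.fromhex("0203010001")
```

A key type or size outside the five listed values raises `ValueError` rather than guessing a P1, so a caller never sends an APDU with a mismatched algorithm identifier.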