On Tue, 2010-12-14 at 13:29 +0200, Martin Paljak wrote: > On Dec 14, 2010, at 1:21 PM, Andre Zepezauer wrote: > > > On Tue, 2010-12-14 at 13:07 +0200, Martin Paljak wrote: > >> > >> Right now I guess that the stripping of input data, coming from an > >> application (meaning that the calling application will expect the data to > >> be exactly the same when verifying the signature) is wrong in pkcs15-sec.c > >> [1]. > >> As there are no other fields that would control the absence (or addition > >> in the card) of DigestInfo prefix, it does not make any sense to me. > >> Thoughts anyone? > > > > It really does make sense for cards, that will reattach the prefix > > internally ;) > > Do you know such cards (other than D-trust CardOS cards)?
No. > How to signal such behavior to the card and inside libopensc? 5. Additionally the value of AlgorithmInfo.algRef should be passed to set_security_environment. It could be used in tag 0x80. Or in the case of PIV, as P1 or P2 in GENERAL AUTHENTICATE. ... and if necessary, then cardos_compute_signature could strip the prefix itself. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
