On 1/20/2011 11:32 AM, Jean-Michel Pouré - GOOZE wrote: > >> Windows uses a container name derived from the serial number, >> and the keyid, (and maybe the type of card), and stored these in the >> certificate store. >> The current cardmod driver is using a constant serial number, >> 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 which will work for a single >> smartcard, but needs to be fixed to use the card's serial number. > > Thanks. This is major information. > > What do you think?
I have gotten further today. The current cardmod code does provide a AT_KEYEXCHANGE type key and has not implemented the CardRSADecrypt function. So I duplicated the code in CardGetContainerInfo to return both a CALG_RSA_SIGN and a CALG_RSA_KEYX. This may not be correct, as the keyUsage should be used to set if the prkey can be used to sign and/or decrypt. But I got further: "runas" will now prompt for the PIN but then gets an error but does not flush the logs to it is not clear how it got. certutil -SCinfo will read the card an prompt for the PIN. It will pop up a window to show the certificate, and one of the options is to install the certificate in the cert store. But it also tries to test the key. The log is closed properly, and shows that the CardRSADecrypt is missing. There is still some issues with finding the key. -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
