On Tuesday 26 April 2011 at 08:23 +0300, Martin Paljak wrote:
> pkcs15-tool is a (G)UI as well. And to my knowledge it does what it
> advertises.
After a short discussion with Martin, I post the steps to reproduce.

Initialize the Feitian PKI:

* pkcs15-init -E
* pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111 --label "François Pérou"

Now find a certificate file including: one RSA private key, one X.509 certificate and CA certs. Online CAs provide such a format.

Import the key:

* pkcs15-init --store-private-key key-file.p12 --format pkcs12 --auth-id 01 --pin 0000

Dump; we have no public object, which is normal:

pkcs15-tool --dump
Using reader with a card: Feitian SCR301 00 00
PKCS#15 Card [François Pérou]:
        Version        : 0
        Serial number  : 2963094713181210
        Manufacturer ID: EnterSafe
        Last update    : 20110220103102Z
        Flags          : EID compliant

PIN [User PIN]
        Object Flags   : [0x3], private, modifiable
        ID             : 01
        Flags          : [0x32], local, initialized, needs-padding
        Length         : min_len:4, max_len:16, stored_len:16
        Pad char       : 0x00
        Reference      : 1
        Type           : ascii-numeric
        Path           : 3f005015

Private RSA Key [Private Key]
        Object Flags   : [0x3], private, modifiable
        Usage          : [0x10E], decrypt, sign, signRecover, derive
        Access Flags   : [0x0]
        ModLength      : 2048
        Key ref        : 1
        Native         : yes
        Path           : 3f005015
        Auth ID        : 01
        ID             : 2649a19d5d6a216913c5a0c8bb9f97229dec99ab

X.509 Certificate [/CN=***********/emailAddress=@***********]
        Object Flags   : [0x2], modifiable
        Authority      : no
        Path           : 3f0050153100
        ID             : 2649a19d5d6a216913c5a0c8bb9f97229dec99ab
        Encoded serial : 02 03 00C520

X.509 Certificate [/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root]
        Object Flags   : [0x2], modifiable
        Authority      : yes
        Path           : 3f0050153101
        ID             : ef47e5fca7e04e356d41b0192d725eb0e54fc3af
        Encoded serial : 02 01 01

X.509 Certificate [/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org]
        Object Flags   : [0x2], modifiable
        Authority      : yes
        Path           : 3f0050153102
        ID             : c81e42ceda0bc1d65c9051b0eb8679e29dd6c067
        Encoded serial : 02 01 00

Now, we come to the point:

* pkcs15-tool --list-public-keys returns nothing
* pkcs15-tool --read-public-key c81e42ceda0bc1d65c9051b0eb8679e29dd6c067 returns the public key

From a user point of view, this is an inconsistency. In my previous emails, I was suggesting that pkcs15-tool --list-public-keys may return all usable keys, even when public objects don't exist on the card.

Kind regards,
-- 
Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
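Added example, not code from the post or from the OpenSC project: a small Python parser for the text layout of `pkcs15-tool --dump` as shown in the message above (unindented "Kind [label]" object headers, indented "Name : value" attributes; that layout is an assumption drawn from the dump, not a documented format). It pairs each private key with the certificate carrying the same ID and reports two sets side by side: the IDs of explicit public-key objects (what --list-public-keys enumerates) and the IDs for which a public key can still be produced because a certificate object carries one (what --read-public-key can answer). On the sample card the first set is empty and the second is not, which is the inconsistency the post describes. The sample dump is constructed from the objects above with most attributes trimmed; `dump_from_card` assumes pkcs15-tool is on PATH and is not run offline.

```python
"""Pair private keys, certificates and public-key objects from a
`pkcs15-tool --dump` listing and show which public keys are merely
readable (via a certificate) versus explicitly present on the card."""
import re
import subprocess
from dataclasses import dataclass, field

# Constructed sample: the objects from the post's dump, attributes trimmed.
SAMPLE_DUMP = """\
Using reader with a card: Feitian SCR301 00 00
PKCS#15 Card [François Pérou]:
\tSerial number  : 2963094713181210
\tManufacturer ID: EnterSafe

PIN [User PIN]
\tObject Flags   : [0x3], private, modifiable
\tID             : 01

Private RSA Key [Private Key]
\tUsage          : [0x10E], decrypt, sign, signRecover, derive
\tModLength      : 2048
\tAuth ID        : 01
\tID             : 2649a19d5d6a216913c5a0c8bb9f97229dec99ab

X.509 Certificate [/CN=***********/emailAddress=@***********]
\tAuthority      : no
\tPath           : 3f0050153100
\tID             : 2649a19d5d6a216913c5a0c8bb9f97229dec99ab

X.509 Certificate [/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root]
\tAuthority      : yes
\tPath           : 3f0050153101
\tID             : ef47e5fca7e04e356d41b0192d725eb0e54fc3af

X.509 Certificate [/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority]
\tAuthority      : yes
\tPath           : 3f0050153102
\tID             : c81e42ceda0bc1d65c9051b0eb8679e29dd6c067
"""

# Assumed layout: an object starts with an unindented "<kind> [<label>]" line
# (the card header ends with ":"), followed by indented "<name> : <value>" lines.
HEADER_RE = re.compile(r"^(?P<kind>\S[^\[]*?)\s*\[(?P<label>.*)\]:?\s*$")
FIELD_RE = re.compile(r"^\s+(?P<name>[^:]+?)\s*:\s*(?P<value>.*)$")


@dataclass
class P15Object:
    kind: str                      # e.g. "Private RSA Key", "X.509 Certificate"
    label: str                     # text between the brackets
    fields: dict = field(default_factory=dict)


def parse_dump(text):
    """Split dump text into objects; lines matching neither pattern are skipped."""
    objects, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            current = P15Object(m["kind"].strip(), m["label"])
            objects.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current.fields[m["name"].strip()] = m["value"].strip()
    return objects


def public_key_ids(objects):
    """IDs of explicit public-key objects: what --list-public-keys enumerates."""
    return sorted(o.fields["ID"] for o in objects
                  if o.kind.startswith("Public") and "ID" in o.fields)


def readable_public_key_ids(objects):
    """IDs for which a public key can be produced anyway: explicit public
    objects plus every certificate, whose SubjectPublicKeyInfo carries one."""
    return sorted({o.fields["ID"] for o in objects
                   if (o.kind.startswith("Public") or o.kind.startswith("X.509 Certificate"))
                   and "ID" in o.fields})


def usable_keys(objects):
    """One record per private key: its certificate (same ID), whether an
    explicit public object exists, and where a public key can be read from."""
    pubs = set(public_key_ids(objects))
    certs = {o.fields["ID"]: o for o in objects
             if o.kind.startswith("X.509 Certificate") and "ID" in o.fields}
    records = []
    for k in objects:
        if not k.kind.startswith("Private"):
            continue
        kid = k.fields.get("ID")
        cert = certs.get(kid)
        records.append({
            "id": kid,
            "usage": k.fields.get("Usage", ""),
            "certificate": cert.label if cert else None,
            "has_public_object": kid in pubs,
            "public_key_source": "public object" if kid in pubs
                                 else "certificate" if cert else None,
        })
    return records


def dump_from_card(reader=None):
    """Live dump; assumes pkcs15-tool is on PATH and a card is inserted."""
    cmd = ["pkcs15-tool", "--dump"]
    if reader is not None:
        cmd += ["--reader", str(reader)]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    objs = parse_dump(SAMPLE_DUMP)
    print("listed by --list-public-keys :", public_key_ids(objs))
    print("readable via --read-public-key:", readable_public_key_ids(objs))
    for rec in usable_keys(objs):
        print(rec)
```

Replace SAMPLE_DUMP with dump_from_card() to run it against a real card; only the private key paired with the end-entity certificate is a usable key, while the two CA certificates contribute readable public keys without any private counterpart.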