Hi Viktor/all

The commit made on the 25 Dec - "minidriver: allow double key usage", on the secure-messaging branch introduced some issues for my testing of an IAS/ECC card.

The first issue is that as per the IAS/ECC specifications, my key is enabled for KeyDecipher or Unwrap usage, and not Decrypt. However, it should still be made available as an AT_KEYEXCHANGE key, so that the unwrap is possible.

Secondly, I can't see the purpose of allowing one key to be available both as an AT_SIGNATURE and as an AT_KEYEXCHANGE key. In fact, in my testing, if this is done, only signatures work, decryption fails. I think this is because the keys have the same GUIDs (they are the same key) and the Microsoft key storage provider cannot handle this - understandably!

My understanding is that if a key can be used for both signature and decryption then it is made available as an AT_KEYEXCHANGE key. If it can only do signatures, then it is made available as an AT_SIGNATURE key. This mode of operation works well in the tests I have done, both for signing and decrypting.

I've attached a patch to fix these issues. Let me know if you have any comments/queries.

I forgot to mention - all of these patches are for the secure-messaging branch of OpenSC.

Cheers,
Will
0003-Minidriver-AT_KEYEXCHANGE-AT_SIGNATURE-key-selection.patch
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
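The selection rule described in the message, written out as an added C example. It is not the attached patch and not OpenSC code: `select_key_spec` and the shortened `USAGE_*` names are hypothetical, the usage bits follow the PKCS#15 key usage flag positions, and the `AT_*` values are those of `wincrypt.h`.

```c
#include <stdio.h>

/* PKCS#15 private-key usage bits (local names, standard bit positions). */
#define USAGE_DECRYPT        0x002u
#define USAGE_SIGN           0x004u
#define USAGE_SIGNRECOVER    0x008u
#define USAGE_UNWRAP         0x020u
#define USAGE_NONREPUDIATION 0x200u

/* CryptoAPI key specs (values as in wincrypt.h). */
#define AT_KEYEXCHANGE 1
#define AT_SIGNATURE   2

/* Hypothetical helper: pick the single key spec a key is exposed under,
 * so the same key never appears under two specs.
 * Returns 0 when the key is usable for neither purpose. */
int select_key_spec(unsigned int usage)
{
    const unsigned int exch = USAGE_DECRYPT | USAGE_UNWRAP;
    const unsigned int sign = USAGE_SIGN | USAGE_SIGNRECOVER | USAGE_NONREPUDIATION;

    if (usage & exch)
        return AT_KEYEXCHANGE;  /* decrypt-only, unwrap-only, or sign + decrypt */
    if (usage & sign)
        return AT_SIGNATURE;    /* signature-only key */
    return 0;
}

int main(void)
{
    /* Constructed sample keys, not read from a real card. */
    struct { const char *label; unsigned int usage; } keys[] = {
        { "unwrap only (IAS/ECC style)", USAGE_UNWRAP },
        { "sign + decrypt",              USAGE_SIGN | USAGE_DECRYPT },
        { "sign only",                   USAGE_SIGN | USAGE_NONREPUDIATION },
        { "no private-key usage",        0 },
    };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        int spec = select_key_spec(keys[i].usage);
        printf("%-28s -> %s\n", keys[i].label,
               spec == AT_KEYEXCHANGE ? "AT_KEYEXCHANGE" :
               spec == AT_SIGNATURE   ? "AT_SIGNATURE"   : "not exposed");
    }
    return 0;
}
```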