Hi Viktor,
Thanks for your guide, but...
On 05/21/2012 09:00 PM, Viktor Tarasov wrote:
> 5015 comes from your pkcs15init profile
> https://github.com/hongquan/OpenSC-OpenPGP/commit/9b2ea7689b461c31b7ffda736d2c9dc332491562#L1R59
> where your crypto objects are put inside the 'DF PKCS15-AppDF'.
>
> Path for this DF is not defined in openpgp profile,
> so, it takes it from the upper profile -- pkcs15.profile.
> https://github.com/hongquan/OpenSC-OpenPGP/blob/openpgp/src/pkcs15init/pkcs15.profile#L135
>
> Never tried it myself, but you can try the openpgp profile without
> 'PKCS15-AppDF'.
I removed the PKCS15-AppDF from the openpgp.profile (see my attachment)
and moved the "template key-domain" block up to right under "DF MF", but
pkcs15-init still fills 5015 into the path:
0xb72236c0 09:33:58.561 [pkcs15-init] pkcs15-lib.c:1530:sc_pkcs15init_store_certificate: Store cert(Certificate,ID:707d8f9e04a18d5e7a4b3c3adebe8124cda8c310,der(0x9dd82a0,753))
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:1720:sc_pkcs15init_store_data: called
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2274:select_object_path: called
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2299:select_object_path: key-domain.certificate @3f005015 (auth_id.len=0)
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:691:sc_profile_instantiate_template: Instantiating template key-domain at 3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated private-key at 3f0050155f48
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated public-key at 3f0050157f49
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated certificate at 3f0050157f21
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:774:sc_profile_instantiate_file: Instantiated privdata at 3f0050150101
0xb72236c0 09:33:58.562 [pkcs15-init] profile.c:775:sc_profile_instantiate_file: parent=PKCS15-AppDF@3f005015
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2321:select_object_path: instantiated template path 3f0050157f21
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:2350:select_object_path: returns object path '3f0050157f21'
...
0xb72236c0 09:33:58.562 [pkcs15-init] pkcs15-lib.c:528:sc_pkcs15init_delete_by_path: trying to delete '3f0050157f21'
0xb72236c0 09:33:58.562 [pkcs15-init] card.c:571:sc_select_file: called; type=2, path=3f0050157f21
0xb72236c0 09:33:58.562 [pkcs15-init] card-openpgp.c:714:pgp_select_file: called
0xb72236c0 09:33:58.562 [pkcs15-init] card-openpgp.c:739:pgp_select_file: returning with: -1201 (File not found)
Or is the layout with PKCS15-AppDF mandatory from the pkcs15 point of view?
If yes, I will consider changing the emulated file system layout in the
OpenPGP driver.
@Peter Marschall: You and I are both working on OpenPGP. What do you think
about changing the emulated file layout? How should I do it so as not to
break the code base too much?
> If you are going to use the common pkcs15 and pkcs15init framework,
> you have to fill at least the 'write' handle with the meaningful actions.
> https://github.com/hongquan/OpenSC-OpenPGP/blob/openpgp/src/libopensc/card-openpgp.c#L827
> Inside this handle the 'PUT DATA' or else can be used -- it doesn't
> matter.
Thanks.
--
Regards,
Quân
#
# PKCS15 profile, generic information.
# This profile is loaded before any card specific profile.
#
cardinfo {
    min-pin-length = 6;
    # max length should be overridden in the per-card profile
    max-pin-length = 12; # To be defined
}

# Default settings.
# This option block will always be processed.
option default {
    macros {
        protected = *=$SOPIN, READ=NONE;
        unprotected = *=NONE;
        so-pin-flags = local, initialized, soPin;
        so-min-pin-length = 8;
        so-pin-attempts = 3;
        so-auth-id = FF;
        odf-size = 256;
        aodf-size = 256;
        cdf-size = 512;
        prkdf-size = 256;
        pukdf-size = 256;
        dodf-size = 256;
    }
}

# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# for the user pin; that is done dynamically.
PIN user-pin {
    attempts = 3;
    flags = local, initialized;
}
PIN so-pin {
    auth-id = $so-auth-id;
    attempts = $so-pin-attempts;
    min-length = $so-min-pin-length;
    flags = $so-pin-flags;
}

filesystem {
    DF MF {
        path = 3F00;
        type = DF;

        # This template defines files for keys, certificates etc.
        #
        # When instantiating the template, each file id will be
        # combined with the last octet of the object's pkcs15 id
        # to form a unique file ID.
        template key-domain {
            # This is a dummy entry - pkcs15-init insists that
            # this is present
            EF private-key {
                file-id = 5F48;
                ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
            }

            # public keys
            EF public-key {
                file-id = 7F49;
                structure = transparent;
                ACL = *=NEVER,
                      READ=NONE,
                      UPDATE=$PIN,
                      ERASE=$PIN;
            }

            # Certificate template
            EF certificate {
                file-id = 7F21;
                structure = transparent;
                ACL = *=NEVER,
                      READ=NONE,
                      UPDATE=$PIN,
                      ERASE=$PIN;
            }

            # private data objects are stored in transparent EFs.
            EF privdata {
                file-id = 0101;
                structure = transparent;
                ACL = *=NEVER,
                      READ=$PIN,
                      UPDATE=$PIN,
                      ERASE=$PIN;
            }
        }
    }
}
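An added example (not code from this thread or from OpenSC) that shows why the certificate path in the log above comes out as 3f0050157f21: a toy parser for the profile's brace syntax resolves a key-domain template's EFs under whichever DF encloses the template, so the certificate lands at 3f007f21 when the template sits directly under DF MF, and at 3f0050157f21 when a DF PKCS15-AppDF with file-id 5015 encloses it, as the base pkcs15.profile does. The PKCS15-AppDF block in the second sample is constructed from Viktor's description and the log, not copied from pkcs15.profile, and the parser models only 'path' and 'file-id', not ACLs or macros.

```python
import re

# Toy parser for the brace-nested pkcs15init profile syntax (added example,
# not OpenSC's profile.c). Blocks are 'KIND name { ... }', statements are
# 'key = value;'; '#' starts a comment.
def parse_profile(text):
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    tokens = re.findall(r"[{}]|[^{};\s][^{};]*", text)
    root = {"kind": "root", "name": "", "attrs": {}, "kids": []}
    stack, header = [root], ""
    for tok in map(str.strip, tokens):
        if tok == "{":                      # open the block named by the last header
            kind, _, name = header.partition(" ")
            node = {"kind": kind, "name": name.strip(), "attrs": {}, "kids": []}
            stack[-1]["kids"].append(node)
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif "=" in tok:                    # 'key = value' statement
            key, _, val = tok.partition("=")
            stack[-1]["attrs"][key.strip()] = " ".join(val.split())
        else:
            header = tok
    return root

def resolve_paths(node, parent_path="", out=None):
    """Return {file name: full path}. A DF/EF uses its own 'path' if given,
    else parent path + file-id. A template adds no level of its own, so its
    EFs inherit the path of the DF that encloses the template."""
    out = {} if out is None else out
    if node["kind"] in ("DF", "EF"):
        a = node["attrs"]
        parent_path = (a.get("path") or parent_path + a.get("file-id", "")).lower()
        out[node["name"]] = parent_path
    for kid in node["kids"]:
        resolve_paths(kid, parent_path, out)
    return out

# Layout from the attached profile: key-domain template directly under DF MF.
FLAT = """filesystem { DF MF { path = 3F00; type = DF;
  template key-domain { EF certificate { file-id = 7F21; structure = transparent; } } } }"""
# Constructed variant of the base pkcs15.profile layout: the same template
# inside 'DF PKCS15-AppDF' (file-id 5015), which is what the log shows.
APPDF = """filesystem { DF MF { path = 3F00; DF PKCS15-AppDF { file-id = 5015;
  template key-domain { EF certificate { file-id = 7F21; } } } } }"""

def certificate_path(profile_text):
    return resolve_paths(parse_profile(profile_text))["certificate"]

if __name__ == "__main__":
    print(certificate_path(FLAT))   # 3f007f21
    print(certificate_path(APPDF))  # 3f0050157f21
```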
opensc-devel mailing list
http://www.opensc-project.org/mailman/listinfo/opensc-devel