Many thanks, Douglas! You helped me to sort this problem out after I had spent a week or so.
Some words to finish this topic: My goal was to encrypt/decrypt some data with the PIV card (i.e., only the card keeper may use the data). It can be done in an easier way:

1. PIV cards can have their Key Management Key destined to provide key establishment during transactions.
2. If this KMK uses ECDH, I can emulate the C(1;1) scheme (NIST SP800-73-3, part 2). That is:
   2.1. I create and store in code my own EC public key (openssl allows one to create EC private keys and certificates with public keys included).
   2.2. The card is authorized.
   2.3. I call its 'General authentication' operation with KMK and this public key.
   2.4. As a result, I have the secret code. This code is suitable for AES encryption.

Therefore, I use openssl in order to create this public key and to operate with AES encryption.

Best regards,
Max Ushakov

--
View this message in context: http://old.nabble.com/How-to%3A-read-a-certificate-from-PIV-smart-card%2C-encode-some-text-with-its-public-key--tp32941067p32966373.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
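
The exchange in steps 2.1 to 2.4, as an added example that is not part of the original post: it builds the GENERAL AUTHENTICATE command for ECDH with the Key Management Key, parses the card's reply, and shows that the encrypting side (host private key with the card's public key) and the card arrive at the same AES key. It assumes a P-256 KMK (algorithm 11, key reference 9D); the card is replaced by a software stand-in, the private keys passed in are constructed toy values, hashing the shared secret into the key is this example's own choice, and all function names are hypothetical.

```python
import hashlib

# NIST P-256 field prime and base point G (curve coefficient a = -3)
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def ec_add(p, q):  # affine addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def general_authenticate_apdu(host_pub):  # INS 87, P1 11 (P-256), P2 9D (KMK)
    point = b"\x04" + b"".join(c.to_bytes(32, "big") for c in host_pub)
    tmpl = b"\x82\x00\x85" + bytes([len(point)]) + point  # empty 82 requests the result
    data = b"\x7c" + bytes([len(tmpl)]) + tmpl
    return bytes([0x00, 0x87, 0x11, 0x9D, len(data)]) + data + b"\x00"

def parse_response(resp):  # expects 7C 22 82 20 || Z, status word already stripped
    if len(resp) != 36 or resp[:4] != b"\x7c\x22\x82\x20":
        raise ValueError("unexpected GENERAL AUTHENTICATE response")
    return resp[4:]

def simulated_card(apdu, card_priv):  # software stand-in: Z = x(d_card * Q_host)
    q = tuple(int.from_bytes(apdu[i:i + 32], "big") for i in (12, 44))
    return b"\x7c\x22\x82\x20" + ec_mul(card_priv, q)[0].to_bytes(32, "big")

def derive_aes_key(z, info=b"example-context"):  # KDF choice is an assumption here
    return hashlib.sha256(b"\x00\x00\x00\x01" + z + info).digest()

def both_sides(host_priv, card_priv):  # returns (encrypt-side key, card-side key)
    z_enc = ec_mul(host_priv, ec_mul(card_priv, G))[0].to_bytes(32, "big")
    apdu = general_authenticate_apdu(ec_mul(host_priv, G))
    z_dec = parse_response(simulated_card(apdu, card_priv))
    return derive_aes_key(z_enc), derive_aes_key(z_dec)
```

With a real card, `simulated_card` is replaced by transmitting the APDU after PIN verification, and the card's public key for the encrypting side comes from the KMK certificate.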
