Hi,

On Sat, 20 Jan 2007 16:35:59 +0100, Sebastian Thias wrote:
> is there any update on the availability of the Siemens-HiPath-Profile?

I was too busy to look at it lately. However, file access should work in SVN (e.g. pkcs15-tool -D, pkcs15-tool -r, etc.) as should decrypting (pkcs15-crypt -c, or even through the pkcs11-module in thunderbird for example).

> Is there anything I could do to assist in constructing the profile or
> the support of the CardOS 4.3b-Cards in general?

What's still prominently missing is signing. That's because CardOS cards need a horrific workaround: they can't sign and decrypt with the same key. OpenSC works around this by creating two copies of the same key (one marked for decrypting, one marked for signing). HiPath uses another approach: They mark their key for decryption only and sign by using the DECIPHER operation. Luckily (as Nils found out) they note that fact in the PKCS#15 TokenInfo file in the AlgorithmInfo list. However, I think opensc currently has no support for parsing this information, because the ASN.1 parser doesn't support SEQUENCE OF (or rather, that was the case when I last looked at it three months ago).

So what needs to be done is:
 + Parse AlgorithmInfo in TokenInfo
 + When a private key operation is to be executed, look at that key's KeyInfo, find the reference to the AlgorithmInfo in the TokenInfo, look up that AlgorithmInfo, find the algRef, and if it's RSA_PURE (0x0c), then do a DECIPHER for the signature computation.

-- 
Henryk Plötz
Greetings from Berlin
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
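
The lookup listed in the mail as remaining work, as an added example (not OpenSC code and not part of the original message): it walks the DER contents of the AlgorithmInfo list and reports whether the key's entry carries algRef 0x0c. Assumed here: the PKCS#15 field order (reference first, algRef as a trailing INTEGER), the hypothetical names `find_algref` and `sign_uses_decipher`, and the constructed sample bytes.

```c
#include <stddef.h>
#include <stdint.h>
#define ALGREF_RSA_PURE 0x0c /* algRef value named in the mail */

/* Constructed sample: contents of a SEQUENCE OF AlgorithmInfo, each entry
 * { reference, algorithm, NULL, supportedOperations, algRef }; 0x12 is a placeholder. */
static const uint8_t sample_algs[] = {
    0x30,0x0f, 0x02,0x01,0x01, 0x02,0x01,0x01, 0x05,0x00, 0x03,0x02,0x06,0x40, 0x02,0x01,0x0c,
    0x30,0x0f, 0x02,0x01,0x02, 0x02,0x01,0x02, 0x05,0x00, 0x03,0x02,0x06,0x80, 0x02,0x01,0x12,
};

/* Read one DER tag/length header, bounds-checked; leaves *p at the value. */
static int tlv(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len) {
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    size_t l = *(*p)++;
    if (l & 0x80) {                      /* long form: accept 1 or 2 length bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - *p) < n) return -1;
        for (l = 0; n--; ) l = (l << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < l) return -1;
    *len = l;
    return 0;
}

/* algRef of the entry whose reference == key_ref; -1 if absent or malformed. */
int find_algref(const uint8_t *list, size_t list_len, int key_ref) {
    const uint8_t *p = list, *end = list + list_len;
    while (p < end) {
        uint8_t tag; size_t len;
        if (tlv(&p, end, &tag, &len) || tag != 0x30) return -1;
        const uint8_t *q = p, *qend = p + len;
        int ref = -1, algref = -1;
        for (int idx = 0; q < qend; idx++) {
            if (tlv(&q, qend, &tag, &len)) return -1;
            if (tag == 0x02 && len >= 1 && len <= 2) { /* small INTEGER */
                if (idx == 0) ref = q[len - 1];        /* reference */
                else if (idx >= 3) algref = q[len - 1]; /* trailing algRef */
            }
            q += len;
        }
        if (ref == key_ref) return algref;
        p = qend;
    }
    return -1;
}

/* 1: compute the signature with DECIPHER; 0: use the normal signing path. */
int sign_uses_decipher(const uint8_t *list, size_t len, int key_ref) {
    return find_algref(list, len, key_ref) == ALGREF_RSA_PURE;
}
```

A missing entry, a missing algRef and a truncated list all return -1 from `find_algref`, so the caller falls back to the normal signing path rather than guessing.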
