You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the OpenSC does not know how to encrypt data using public key. Indeed this is not a card operation so it happens off-card anyway so its not a huge issue and the application can pull the public key and do the encryption. But it would be convenient if this could work the same way as the C_Verify operation, which already does something very similar.
Currently, calling the following pkcs11-tool command
Problem Description
Currently, the OpenSC does not know how to encrypt data using public key. Indeed this is not a card operation so it happens off-card anyway so its not a huge issue and the application can pull the public key and do the encryption. But it would be convenient if this could work the same way as the C_Verify operation, which already does something very similar.
Currently, calling the following pkcs11-tool command
fails very early, already in pkcs11-tool, as it is now searchnig only for secret keys for encryption.
Proposed Resolution
Adding these:
will get the call to
C_EncryptFinal
, but it fails here, as the the public key on pkcs15 layer does not have the encrypt operation:OpenSC/src/pkcs11/pkcs11-object.c
Line 862 in 1fb5655
Very different code is in the
C_VerifyInit
, which emulates the operation in the software.Steps to reproduce
Run above pkcs11-tool command.
The text was updated successfully, but these errors were encountered: