pkcs15-jpki.c - minidriver problem with reading public key #3182
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add SC_PKCS15_CO_FLAG_PRIVATE on "Digital Signature Public Key" and set
pubkey_obj.flags
andpubkey_obj.auth_id
to use theSign KEY
sominidriver.c
can request the PIN before reading the public key. Card enforces this as per specs.Partially Fixes #3169 Only
pkcs15-jpki.c
is changed.Not tested with any card.
In addition to changes in #3167 that address "user_consent" using "PinCacheAlwaysPrompt", The JPKI card forces the user to verify the
Sign PIN
before the public key is read. But to use theSign KEY
, Windows minidriver specs V7.07 says: the "CCP_CONTAINER_INFO" contains "cbSigPublicKey" and "pbSigPublicKey" which is needed before the key is selected.It might be possible to add bogus information in these and substitute the real values at a later time. But this will require someone with a working card.
Also possible to use code from
pkcs15-dnie.c
which had its owndmie_ask_user_consent
.On branch minidriver-PinCacheAlwaysPrompt
Changes to be committed:
modified: libopensc/pkcs15-jpki.c
On branch JPKI-Improvements
Changes to be committed:
modified: libopensc/pkcs15-jpki.c
Checklist