pkcs15-jpki.c - minidriver problem with reading public key #3182
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add SC_PKCS15_CO_FLAG_PRIVATE on "Digital Signature Public Key" and set pubkey_obj.flags and pubkey_obj.auth_id to use the Sign KEY so minidriver.c can request the pin before reading the public key. Card enforces this as perspecs. Partial fix for OpenSC#3169 Only pkcs15-jpki.c is changed. In addition to changes in OpenSC#3167 that address "user_consent" using "PinCacheAlwaysPrompt", The JPKI card forces the user to verify the Sign PIN before the public key is read. But to use the Sign KEY, Windows minidriver specs V7.07 says: the "CCP_CONTAINER_INFO" contains "cbSigPublicKey" and "pbSigPublicKey" which is needed before the key is selected. It might be possible to add bogus information in these and substitute the real values at a later time. But this will require someone with a working card. On branch minidriver-PinCacheAlwaysPrompt Changes to be committed: modified: libopensc/pkcs15-jpki.c On branch JPKI-Improvments Changes to be committed: modified: libopensc/pkcs15-jpki.c
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add SC_PKCS15_CO_FLAG_PRIVATE on "Digital Signature Public Key" and set
pubkey_obj.flagsandpubkey_obj.auth_idto use theSign KEYsominidriver.ccan request the PIN before reading the public key. Card enforces this as per specs.Partially Fixes #3169 Only
pkcs15-jpki.cis changed.Not tested with any card.
In addition to changes in #3167 that address "user_consent" using "PinCacheAlwaysPrompt", The JPKI card forces the user to verify the
Sign PINbefore the public key is read. But to use theSign KEY, Windows minidriver specs V7.07 says: the "CCP_CONTAINER_INFO" contains "cbSigPublicKey" and "pbSigPublicKey" which is needed before the key is selected.It might be possible to add bogus information in these and substitute the real values at a later time. But this will require someone with a working card.
Also possible to use code from
pkcs15-dnie.cwhich had its owndmie_ask_user_consent.On branch minidriver-PinCacheAlwaysPrompt
Changes to be committed:
modified: libopensc/pkcs15-jpki.c
On branch JPKI-Improvements
Changes to be committed:
modified: libopensc/pkcs15-jpki.c
Checklist