pkcs15-jpki.c - minidriver problem with reading public key #3182
Commits on Jun 14, 2024
-
pkcs15-jpki.c - minidriver problem with reading public key
Add SC_PKCS15_CO_FLAG_PRIVATE on "Digital Signature Public Key" and set pubkey_obj.flags and pubkey_obj.auth_id to use the Sign KEY so minidriver.c can request the pin before reading the public key. Card enforces this as perspecs. Partial fix for OpenSC#3169 Only pkcs15-jpki.c is changed. In addition to changes in OpenSC#3167 that address "user_consent" using "PinCacheAlwaysPrompt", The JPKI card forces the user to verify the Sign PIN before the public key is read. But to use the Sign KEY, Windows minidriver specs V7.07 says: the "CCP_CONTAINER_INFO" contains "cbSigPublicKey" and "pbSigPublicKey" which is needed before the key is selected. It might be possible to add bogus information in these and substitute the real values at a later time. But this will require someone with a working card. On branch minidriver-PinCacheAlwaysPrompt Changes to be committed: modified: libopensc/pkcs15-jpki.c On branch JPKI-Improvments Changes to be committed: modified: libopensc/pkcs15-jpki.c
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.