- added recommendation about 2 cert/key pairs
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1570 c6295689-39f2-0310-b995-f0e70906c6a9
parent
c29e7d8510
commit
60892cd0a3
|
@ -44,9 +44,15 @@ filesystem {
|
|||
# The DELETE=NONE ACLs will go away once the code
|
||||
# works. It's here to make sure I can erase the card
|
||||
# even if I mess up big time.
|
||||
#
|
||||
# If you have a 16K card and wish to store
|
||||
# two cert/key pairs.
|
||||
# Note if you want the two keys to be protected by the
|
||||
# same pin, you need to increase the size of the pin-dir.
|
||||
DF PKCS15-AppDF {
|
||||
ACL = *=$SOPIN, FILES=NONE, DELETE=NONE;
|
||||
size = 7500;
|
||||
#size = 10000;
|
||||
|
||||
# This "pin-domain" DF is a template that is
|
||||
# instantiated for each PIN created on the card.
|
||||
|
|
|
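Review bot: The added comment beginning "If you have a 16K card and wish to store two cert/key pairs." stops before saying what to change. The commented-out `#size = 10000;` under `size = 7500;` is presumably the intended setting, but nothing in the text ties the two together. I would finish the sentence, e.g. `# two cert/key pairs, use the size = 10000 line below instead of 7500.`, and name the pin-dir entry whose size has to grow for the shared-PIN case. The PKCS15-AppDF block continues past the end of this section.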
@ -1710,7 +1710,7 @@ select_id(sc_pkcs15_card_t *p15card, int type, sc_pkcs15_id_t *id,
|
|||
|
||||
/* If the user provided an ID, make sure we can use it */
|
||||
if (id->len != 0) {
|
||||
r = func(p15card, id, &obj);
|
||||
r = sc_pkcs15_find_object_by_id(p15card, type, id, &obj);
|
||||
if (r == SC_ERROR_OBJECT_NOT_FOUND)
|
||||
return 0;
|
||||
if (strcmp(obj->label, "deleted"))
|
||||
|
@ -1727,8 +1727,29 @@ select_id(sc_pkcs15_card_t *p15card, int type, sc_pkcs15_id_t *id,
|
|||
id->value[0] = nid++;
|
||||
id->len = 1;
|
||||
|
||||
r = func(p15card, id, &obj);
|
||||
r = sc_pkcs15_find_object_by_id(p15card, type, id, &obj);
|
||||
if (r == SC_ERROR_OBJECT_NOT_FOUND) {
|
||||
/* We don't have an object of that type yet.
|
||||
* If we're allocating a PRKEY object, make
|
||||
* sure there's no conflicting pubkey or cert
|
||||
* object either. */
|
||||
if (type == SC_PKCS15_TYPE_PRKEY) {
|
||||
sc_pkcs15_search_key_t search_key;
|
||||
|
||||
memset(&search_key, 0, sizeof(search_key));
|
||||
search_key.class_mask =
|
||||
SC_PKCS15_SEARCH_CLASS_PUBKEY |
|
||||
SC_PKCS15_SEARCH_CLASS_CERT;
|
||||
search_key.id = id;
|
||||
|
||||
r = sc_pkcs15_search_objects(p15card,
|
||||
&search_key,
|
||||
NULL, 0);
|
||||
/* If there is a pubkey or cert with
|
||||
* this ID, skip it. */
|
||||
if (r > 0)
|
||||
continue;
|
||||
}
|
||||
if (!unused_id.len)
|
||||
unused_id = *id;
|
||||
continue;
|
||||
|
|
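Review bot: The result of `sc_pkcs15_search_objects()` in the new PRKEY branch is only tested with `if (r > 0)`, so a failed search is handled the same as "no conflicting pubkey or cert" and the ID is then stored in `unused_id`. If that call can return a negative SC_ERROR_* code (it appears to follow the same convention as the lookup just above it), the conflict check is silently skipped and a new private key could end up sharing an ID with an unrelated certificate or public key. I would add `if (r < 0) return r;` ahead of the `r > 0` test. The loop and the rest of select_id's body lie outside the visible hunks, so confirm that returning at that point does not bypass any cleanup.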