Major improvments in the PIV card modules:
* OpenSC-0.11.2 only supported RSA 1K keys, the patch supports RSA 2K and 3K
keys.
* The FASC-N in the CHUID object is used as the card serial number.
* A PIV card may have additional objects. These can now be read by pkcs11-tool
and pkcs15-tool.
* The p15card-helper.c module is no longer used. The code to call the
sc_pkcs15emu_* routines has been moved back into pkcs15-piv.c and uses
existing OpenSC routines to parse the certificate to find the modulus_len.
* pkcs15-piv.c will now get the modulus_len from the certificates to store into
the emulated prvkey an pubkey objects as they are being created using the
sc_pkcs15emu_* routines.
* The caching code that was added to card-piv.c in 0.11.2 is disabled, as
pkcs15-piv.c will cache the certificate using existing OpenSC routines.
* piv-tool will now print a serial number.
* The key-usage bits for prvkey and pubkey objects are set in pkcs15-piv.c
* The PIV "9E" key was added. It is not a private object, and can be used
without a PIN. It is used with the "Certificate for Card Authenticaiton".
* When used with the OpenSSL engine to generate a certificate request, the
public key saved by piv-tool during a "generate asymmetric key pair" card
command can be read from a file pointed at by the environment variable
PIV_9*_KEY. Where * is A, C, D or E.
* In the card_atr section of opensc.conf, flags = 20; can be used to only show
the PIV Authentication cert. This feature was in 0.11.1 but was dropped in
0.11.2 when the p15card-helper.c was introduced.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3174 c6295689-39f2-0310-b995-f0e70906c6a9
change the do_decompress* to sc_decompress* and the initialize_* to
sc_pkcs15emu_initialize_* in the new code.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3126 c6295689-39f2-0310-b995-f0e70906c6a9
The attached change to card-piv.c is need to recognize a
valid PIV card applet. All of the previous test cards would
return in response to a SELECT the full AID where as they
should have returned the the PIX portion of the AID. The newest
test cards are now doing this correctly.
This change will recognize either as a PIV applet.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2885 c6295689-39f2-0310-b995-f0e70906c6a9