b94c163 - invalid, non-tested
11881a6 -- src/libopensc/card-iasecc.c -- return from select has to be ignored,
3a92bf7 -- src/pkcs11/slot.c -- SEGFAULT issue #3733a92bf7 -- src/tools/piv-tool.c -- confirmed by author
6759c04 -- src/pkcs15init/pkcs15-lib.c -- file instantiation error has to be ignored
Add a --no-prompt flag to pkcs15-tool (i.e. the equivalent of the --no-prompt flag of pkcs15-init). As to aid readers with keypads (as commonly used in the medical space).
openpgp-tool: Added PRIVATE-DO-3 dump option
The bytes of private-do-3 will be written to stdout raw.
Requires pin and verify to work.
openpgp-tool: Fix private-do-3 dump for Windows
fwrite will convert line endings on Windows if the destination
is not openend in binary mode. As this actually dumps binary data,
it makes sense to reopen stdout in binary mode for the dump.
openpgp-tool: Enable dumping of all DOs
PRIVATE-DO-<X> can now be dumped via the -d/--do switches and
the DO number as a parameter.
PRIVATE-DO-[12] can be dumped without verification.
PRIVATE-DO-3 requires CHV2, PRIVATE-DO-4 CHV3.
openpgp-tool: Dump DOs as hex into a tty, binary otherwise
This prevents messing up a terminal if there really _is_
binary data in a private DO. To force the binary data to a terminal,
pipe through cat.
openpgp-tool: Hint at the pin and verify options on error
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED is the error code
here when dumping a private DO without the appropriate verification.
openpgp-tool: Explictly use --raw for binary ouput
The --raw switch already exists. If present, raw binary will be written,
a pretty-printed hex/ascii representation otherwise.
card-asepcos: removed dead code
card-authentic: removed dead code
card-belpic: removed dead code
card-epass2003: removed dead code
card-flex: removed dead code
card-gpk: removed dead code
card-oberthur: removed dead code
card-piv: removed dead code
card-setcos: removed dead code
ctbcs: removed dead code
cwa14890: removed dead code
muscle: removed dead code
pkcs15-atrust-acos: removed dead code
pkcs15-gemsafeV1: removed dead code
pkcs15-skey: removed dead code
reader-ctapi: removed dead code
framework-pkcs15: removed dead code
pkcs11-object: removed dead code
pkcs15-asepcos: removed dead code
pkcs15-cardos: removed dead code
pkcs15-jcop: removed dead code
pkcs15-lib: removed dead code
pkcs15-oberthur: removed dead code
parse: removed dead code
sclex: removed dead code
sm-card-authentic: removed dead code
sm-card-iasecc: removed dead code
sm-cwa14890: removed dead code
sm-global-platform: removed dead code
sc-test: removed dead code
pkcs11-tool: removed dead code
pkcs15-tool: removed dead code
RSA and EC keys have different usage attributes. Appropriate attributes are set
When using --keypairgen the user can use the --usage-sign, --usage-decrypt,
and --usage-derive. to get finer control.
Changes to be committed:
modified: tools/pkcs11-tool.c
exit_status is either set directly or a function return is ORed with it,
in which case EXIT_SUCCESS can never be returned if the initial value is !=
0;
the proprietary on-card data can contain the GUIDs created by proprietary MW,
these data are parsed by card driver and put into the internal pkcs15 private key data
to be accesible in the different OpenSC frameworks
existing 'guid' obejct's data replaced by the one in private-key info
New CMAP record data used by pkcs15init emulator for the cards that have
the MD specific on-card data
The name implies what the format of the returned value, a SPKI.
The support for spki as a pkcs15 format of a pubkey, is extended to
work for any algorithm not just EC pubkeys. PKCS#15 appears to allow this.
sc_pkcs15_decode_pubkey_with_param will look for a SPKI
and attempt to use it for any algorithm, including RSA.
(RSA is the null case, as there are no algorithm parameters.)
sc_pkcs15_encode_pubkey_as_spki is exported from libopensc.
pkcs15-piv.c will use sc_pkcs15_encode_pubkey_as_spki to load public keys
as SPKI for RSA and EC.
The pubkey->data is never a SPKI, it is the DER encoding of the
pubkey without the parameters. If an spki is needed, use the
sc_pkcs15_encode_pubkey_as_spki to get the DER encoding of the spki.
As in the previous set of patches, pkcs15-tool.c will output both
sc_pkcs15_decode_pubkey_with_param and its internal.
This was left for testing, and the pubkey_pem_encode should be deleted
0x9B is defined as the Card Management Key, and probably shouldn't be
regenerated. 0x9E is the Card Authentication key which is what you
should be generating keys for. This also brings piv-tool in line with
the documentation that states 0x9A, 0x9C, 0x9D and 0x9E are the proper
keyIds to use.
All the other option values are initialized to NULL, so do the same to
opt_auth_id.
(Although, as they're all static globals, they should be set to 0 at
runtime anyway, I think...)
Signed-Off-By: Anthony Foiani <anthony.foiani@gmail.com>