- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
List additional algorithms & attributes as supported only when the card
supports changing the algorithms attributes DOs and exposes this by having
the EXT_CAP_ALG_ATTR_CHANGEABLE capability set.
Using different algorithms and attributes requires changing the algorithm
attributes DOs. If that is not supported - as indicated by a missing
EXT_CAP_ALG_ATTR_CHANGEABLE capability - then only those algorithms
described by the current algorithms attributes DOs' contents can be used.
In addition simplify setting the flags.
* use variables if they are already there
* be a bit more explicit in logging
* more consistent tag format: %04X
* cleanup flag setting for _sc_card_add_rsa_alg()
card-piv.c
make sure the string is null terminated before passing it
to hex_to_bin routine, which expects it
pkcs15-cac.c
free cn_name on failure
pkcs11-tool.c
make sure the string is null terminated before passing it to
parse_certificate(), which expects it
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
modified: src/libopensc/pkcs15-infocamere.c
modified: src/libopensc/pkcs15-starcert.c
modified: src/pkcs15init/pkcs15-lib.c
Changed isf_acl to also need SO PIN for CREATE.
modified: src/pkcs15init/starcos.profile
* localize variables
* print errors to stderr
* release allocated resources
* return error code on error - improve non-interactive use
* do not show help on unknown commands when used non-interactively
* make 'interactive' a global variable
* set it when opensc was called with the SCRIPT argument
* document the behaviour in the manual page
Make interactive a global variable and set it in main.
When arguments are given, compare them like ambguous_match() does,
and show the matching ones only.
Add documentation of the 'help' command to the manual page.
In main loop on multiple matches, show help on matching commands only.
* most importantly: immediately return success on exact match
- this allows one command to be a prefix of another one
- it fixes the long-standing breakage between 'find' and 'find_tags'
* fail on second prefix-only match instead of waiting until the end
* check all parameters
* add comments
* inform caller on whether the match was ambiguous or there was no match
* move printing error messages to processing loopt in main()
Peter Marschall
Frank Morgner
gabrielmuller
Jakub Jelen
Raul Metsma
Nicholas Wilson
konstantinpersidskiy