This fixes problem as stated in: https://github.com/OpenSC/OpenSC/issues/1292#issuecomment-431879472 pkcs15-crypt.c will treat keys with user_consent like PKCS#11 would. SC_AC_CONTEXT_SPECIFIC is set when doing a verify so a card driver can take action if needed. card-piv.c is currently the only driver doing so. It uses this to hold the card lock so both the VERIFY and following crypto operations are in the same transaction. The card enforces this restriction. Without this additional APDUs may be sent before every transaction to test that the expected applet is selected. Unlike the circumvention of using ignore_user_consent=true and pin caching this modification allows a pin pad reader to be used for keys requiring user_consent. On branch pkcs15-context-specific Changes to be committed: modified: pkcs15-crypt.c |
||
---|---|---|
.github | ||
MacOSX | ||
doc | ||
etc | ||
m4 | ||
packaging/debian.templates | ||
src | ||
win32 | ||
.gitignore | ||
.travis.yml | ||
COPYING | ||
Makefile.am | ||
Makefile.mak | ||
NEWS | ||
README | ||
README.md | ||
appveyor.yml | ||
bootstrap | ||
bootstrap.ci | ||
configure.ac | ||
version.m4 |
README.md
OpenSC documentation
Wiki is available online
Please take a look at the documentation before trying to use OpenSC.
Build and test status of specific cards:
Cards | Status |
---|---|
CAC | |
Coolkey |