Major improvments in the PIV card modules: * OpenSC-0.11.2 only supported RSA 1K keys, the patch supports RSA 2K and 3K keys. * The FASC-N in the CHUID object is used as the card serial number. * A PIV card may have additional objects. These can now be read by pkcs11-tool and pkcs15-tool. * The p15card-helper.c module is no longer used. The code to call the sc_pkcs15emu_* routines has been moved back into pkcs15-piv.c and uses existing OpenSC routines to parse the certificate to find the modulus_len. * pkcs15-piv.c will now get the modulus_len from the certificates to store into the emulated prvkey an pubkey objects as they are being created using the sc_pkcs15emu_* routines. * The caching code that was added to card-piv.c in 0.11.2 is disabled, as pkcs15-piv.c will cache the certificate using existing OpenSC routines. * piv-tool will now print a serial number. * The key-usage bits for prvkey and pubkey objects are set in pkcs15-piv.c * The PIV "9E" key was added. It is not a private object, and can be used without a PIN. It is used with the "Certificate for Card Authenticaiton". * When used with the OpenSSL engine to generate a certificate request, the public key saved by piv-tool during a "generate asymmetric key pair" card command can be read from a file pointed at by the environment variable PIV_9*_KEY. Where * is A, C, D or E. * In the card_atr section of opensc.conf, flags = 20; can be used to only show the PIV Authentication cert. This feature was in 0.11.1 but was dropped in 0.11.2 when the p15card-helper.c was introduced. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3174 c6295689-39f2-0310-b995-f0e70906c6a9 |
||
---|---|---|
aclocal | ||
doc | ||
etc | ||
man | ||
solaris | ||
src | ||
win32 | ||
COPYING | ||
Makefile.am | ||
Makefile.mak | ||
NEWS | ||
README | ||
bootstrap | ||
configure.in |
README
OpenSC documentation is now maintained in our online wiki at http://www.opensc-project.org/opensc/ and a copy in html format is provided in the doc/ directory with all releases or snapshots of OpenSC in tar.gz files. Please take a look at the documentation before trying to install OpenSC. Most important are the pages OverView A short introduction what OpenSC is and how it fits into the big picture. WhatsNew What is new, what has changed since the last major release? Also see this section for a list of incompatibilities. Short list: libopensc is now version 2.0.0, i.e. you need to recompile applications using opensc. And all libraries and the opensc-pkcs11.so module moved from lib/pkcs11/ or lib/opensc/ to simply lib/. That fixes a number of problems, but you might need to change some configuration. OperatingSystems What your operating system needs to have for OpenSC to work. CompilingInstalling How to compile and install OpenSC yourself. QuickStart installation and basic steps to initialize a blank smart card. UsingOpensc options when using OpenSC. Also check the specific pages of the smart cards or crypto tokens you want to use. If you have any trouble the MailingLists page will tell you how to contact us for help. Regards, the OpenSC Team.