&& is replaced by || in the test of valid key references for retired keys found in the Historic object. For retired keys, the user_consent flag was being set by default. Thus a C_Login(CKU_CONTEXT_SPECIFIC) would be required. NIST 800-73 only requires PIN_Always on the Sign Key. To extend the usefulness of "retired keys" on non government issued PIV-like cards, code had already been added to use the certificate keyUsage flags to override the NIST defined key usage flags. The NONREPUDATION flag is now used to set the user_consent flag. So rather than always requiring C_Login(CKU_CONTEXT_SPECIFIC) for any retired key, the code only requires it for non government cards where the certificate has NONREPUDATION. Changes to be committed: modified: card-piv.c modified: pkcs15-piv.c |
||
---|---|---|
.github | ||
MacOSX | ||
doc | ||
etc | ||
m4 | ||
packaging/debian.templates | ||
solaris | ||
src | ||
win32 | ||
.gitignore | ||
.travis.yml | ||
COPYING | ||
Makefile.am | ||
Makefile.mak | ||
NEWS | ||
README | ||
README.md | ||
appveyor.yml | ||
bootstrap | ||
bootstrap.ci | ||
configure.ac | ||
version.m4 |
README.md
OpenSC documentation
Wiki is available online
Please take a look at the documentation before trying to use OpenSC.