Doug Engert

@haijie-ftsafe and @devshah89 can you run this command to get the ATR and the epass2003 data object? `opensc-tool --card-driver default --send-apdu 00:CA:01:86:00` All the cards that fail have this output:...

For whatever it is worth, I wrote this 4 years ago, but no one was interested: https://github.com/dengert/OpenSC/tree/YubiKey5

@Jakuje I agree that the touch policy is set on the key, much like CKA_ALWAYS_AUTHENTICATE method used with the PIV 9C key. The code from 4 years ago: https://github.com/dengert/OpenSC/tree/YubiKey5 would...

The Yubico metadata has a lot of useful info. If you where to issue the Yubico get metadata command from `card-piv.c` and cache the data in `card-piv.c` it could be...

With 0494e46a39 in `pkcs15-framwork.c` `sc_pkcs15_decrypt` is called twice if first fails and not using PKCS#1 v1.5. So why limit the test to padding to PKCS#1 v1.5? It looks like ca08e97ab751654a753c60986a8d6e491d6e289a...

Sounds like a plan. I would suggest that @xhanulik start with the decrypt, as reselect is causing problems with the "prevent side channel attack"

The line numbers in the trace don't match what is in master. You may want to try with latest code. OpenSC will hide pin commands in the log. Try setting...

The failure appears to be coming from: ``` Outgoing APDU (16 bytes): 0C 82 01 81 0A 8E 08 05 23 55 BF 2B E6 BF 2F 00 ........#U.+../. ......

> So if you are willing to try something, replace line 3433 r = get_external_key_retries(card, 0x80 | kid, &retries); with retries=5; Good to hear it works. But eliminating the code...

> For APDU CASE 1 (no Le, field, Lc=0), the initialization vector is not used in this mode when generating the MAC (analysed from the code), I assume this is...