Doug Engert

@jimvert You are correct, pkcs11-curr-v3.0-os "2.8.2 Generic secret key objects", "These keys do not support encryption or decryption". The pkcs11_ecdh_derive should have an additional parameter for newkey_type and if it...

in the opensc-debug log lines: 656 to 682 OPenSC issueds a SELECT AID for the AID in card-hsm.c: https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-sc-hsm.c#L67 Your card responded with: ``` 6F 22 85 20 D6 3F...

I should also point out `card-sc-hsm.c` only caches the response as `priv->dffcp" and does not verify its contents. That should be fixed.

@frankmorgner @Jakuje This looks like if a card is in a reader and OpenSC can not support the card, it will still try and detect the card again. Suggestion:: -...

@psadaic have a look at #3472

> On a side note, something that puzzles me, why do some of the card drivers try to send SELECT before any ATR matching? Some even continue with SELECT even...

OpenSC pkcs11 will attempt to connect to any readers and cards when the module is loaded, before C_Initialize is called and will setup slots and virtual slots based on which...

> Card matching process inside OpenSC can easily last multiple seconds per single matching call due to multiple APDU commands being sent each time. @frankmorgner @Jakuje Yes that is an...

With further testing this is still not correct. The SC_READER_CARD_INVALID gets set, but removing the card and reinserting is not doing what I would suspect.

I have a working version Using Firefox-esr on Ubuntu 24.04 Firefox 142.0.1 installed in ~/firefox `doug@ubuntu-24-04:~$ OPENSC_DRIVER=PIV-II gdb --args firefox/firefox` I can start with or without a card in the...