Doug Engert
Doug Engert
### Problem Description OpenSSL and other crypto libraries have function [ERR_print_errors_fp](https://www.openssl.org/docs/man3.1/man3/ERR_print_errors_fp.html) . OpenSC uses this in ./libopensc/card-iasecc.c, ./libopensc/card-piv.c, ./pkcs15init/pkcs15-oberthur-awp.c, ./tools/piv-tool.c, ./tools/sc-hsm-tool.c and ./tools/gids-tool.c to either print to opensc-debug.log or stderr....
### Problem Description These are comments while experimenting with OpenPGP on a Nitro Start (GUNK) and a Yubikey 5 NFC and OpenSSL 3.1.2 generated MONTGOMERY keys and OpenSC 0.24.0-rc2. The...
### Problem Description With #2053 The secure messaging code was written based on [NIST SP 800-73-4](https://csrc.nist.gov/publications/detail/sp/800-73/4/final) The implementation follows 800-73-4 Part 2 Section 4 and uses variable names and step...
### Problem Description There several places in OpenSC which use "Card Verifiable Certificates" (CVC). Many are parsed by OpenPACE but `./libopensc/pkcs15-sc-hsm.c` and with #2053 `./libopensc/card-piv.c`. This was used to find...
Using the ATR of 3B80800101 is so generic, that it can lead to problems because at least one other PIV card is reported to use the same ATR. "PIVKey uTrust...
Now that 0.25.0 has been released, this PR is being resubmitted and rebased on current master. Fixes: #2952 which explains most of what was done. It also addresses #3000 in...
With the introduction of Secure Messaging in PIV driver last year, some developers where questioning why the PIV SM was implemented in `card-piv.c` rather then using `sm/sm-iso.c` where it could...
During card matching, only use GET DATA of Discovery object before or in place of SELECT AID, if the ATR matches a known card or user has forced the card...
(WIP may fix #3159 waiting to download the MSI artifacts for testing.) PKCS11 supports CKA_ALWAYS_AUTHENTICATE and PKCS15 user_consent Windows minidriver supports PinCacheAlwaysPrompt Mindriver has MD_ROLE_USER_SIGN for a pin which is...
Add SC_PKCS15_CO_FLAG_PRIVATE on "Digital Signature Public Key" and set `pubkey_obj.flags` and `pubkey_obj.auth_id` to use the `Sign KEY` so `minidriver.c` can request the PIN before reading the public key. Card enforces...