Mouse

> Reading the API specs for KeyStoreSpi.engineGetCertificateChain(), I'm not sure if returning a partial chain is the correct behavior. That is the behavior that SunPKCS11 provider exhibits. I think that...

@CardContact I'm closing this issue, as after you suggested a simple fix that works it is unfair to keep it open. In light of the above though, I'd like to...

@CardContact one thing more: to use your PKCS11 provider in place of SunPKCS11, one needs to be aware that instead of _configuration_ file that SunPKCS11 expects, one should just supply...

> can you share some command lines that show how you used opensc-java with jarsigner? Certainly! (Needless to say, `opensc-java.jar` has to be signed with JCE signing key for this...

@CardContact I hope the above helped. Would you like more info? If so, please feel free to ask specific questions.

> Unfortunately there doesn't seem to be a way to set java.library.path for keytool or jarsigner I have never tried. I placed the .so (actually .dylib) file also in /Library/Java/Extensions...

On Mac OS X one can manually edit and fix the library path via ``` $ install_name_tool -change /usr/local/lib/libltdl.7.dylib /opt/local/lib/libltdl.7.dylib build/lib/libopensc-PKCS11-x86_64.dylib $ ``` But I'd rather not resort to such...

I understand. Your concern is both appreciated and well-found.

IMHO, from practical point of view, a construct like ``` K = KDF (SS1 || SS2 || ... || SSn) ``` is hard to beat, both security-wise and simplicity-wise. I...

> Oh, so I guess I must learn Rust, then? 😆 @levitte Of course! Didn't you know that all along? :-) > 'm not sure how to answer your question,...