Peter Popovec
Peter Popovec
@CendioOssman The simplest way to use 1024 bit key and SHA512 with MyEID is recompiling OpenSC, here patch: ````` diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c index 677e068f..70e47adc 100644 --- a/src/libopensc/card-myeid.c +++ b/src/libopensc/card-myeid.c...
Making MyEID driver configurable - to disable/enable internal PKCS#1 padding function and disable/enable internal digest info prefix insertion - from opensc.conf or environment variable make a sense. There is bigger...
@dengert I did the test as you suggested: ````` diff --git a/src/libopensc/card-myeid.c b/src/libopensc/card-myeid.c index 677e068f..321f5027 100644 --- a/src/libopensc/card-myeid.c +++ b/src/libopensc/card-myeid.c @@ -225,7 +225,7 @@ static int myeid_init(struct sc_card *card) }...
@dengert For now we can ignore 40% limitation, and even if, RSA1024 with SHA256 meet this limit .. (I also run tests with RSA2048 and SHA256 .. same ***wrong*** results)...
@dengert TAG 0x80 with value 0x42 is not accepted by MyEID card, because this value is RFU (from Aventra doc .. ).. and even if this add this prefix, we...
@dengert You forgot to answer me .. > Before I try any tests and document anything else, I would like you to explain to me, which of the following points...
@dengert Thank you for your opinion.
I will try to find where the problem is, here debug if cache is enabled: ````` P:922036; T:0x140389957015360 19:14:42.962 [pkcs15-init] pkcs15-myeid.c:601:myeid_create_key: Key file size 768 P:922036; T:0x140389957015360 19:14:42.962 [pkcs15-init] pkcs15-myeid.c:608:myeid_create_key:...
For the cache to work normally, the update tokeninfo must be enabled: ````` diff --git a/src/pkcs15init/myeid.profile b/src/pkcs15init/myeid.profile index fb2dc7c0..ffac44a8 100644 --- a/src/pkcs15init/myeid.profile +++ b/src/pkcs15init/myeid.profile @@ -21,7 +21,7 @@ pkcs15 {...
Yes, I'm also considering the possibility that any write to the card would invalidate the cache. It is the easiest implementable option. All you have to do is delete the...