OpenSC smartcard access should use raw public keys, not X.509 certificates
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Sat Aug 2 10:09:07 EST 2008
On Fri, Aug 01, 2008 at 07:04:45PM -0400, Daniel Kahn Gillmor wrote:
> Since the private key is a superset of the public key, the public
> key itself would be already present.
Of course, but I don't think (m)any card OS will create a virtual
file EF for the public key that actually fetches from the private
key. That would have to be done in higher level software, but that
code is not allowed to read the private key. (For good reason.)
//Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080802/657f2d75/attachment.bin
More information about the openssh-unix-dev
mailing list