OpenSC smartcard access should use raw public keys, not X.509 certificates

Peter Stuge stuge-openssh-unix-dev at
Sat Aug 2 10:09:07 EST 2008

On Fri, Aug 01, 2008 at 07:04:45PM -0400, Daniel Kahn Gillmor wrote:
> Since the private key is a superset of the public key, the public
> key itself would be already present.

Of course, but I don't think (m)any card OS will create a virtual
file EF for the public key that actually fetches from the private
key. That would have to be done in higher level software, but that
code is not allowed to read the private key. (For good reason.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 

More information about the openssh-unix-dev mailing list