OpenSC smartcard access should use raw public keys, not X.509 certificates
Alon Bar-Lev
alon.barlev at gmail.com
Sat Aug 2 15:10:02 EST 2008
On 8/2/08, Peter Stuge <stuge-openssh-unix-dev at cdy.org> wrote:
> On Fri, Aug 01, 2008 at 07:04:45PM -0400, Daniel Kahn Gillmor wrote:
> > Since the private key is a superset of the public key, the public
> > key itself would be already present.
>
>
> Of course, but I don't think (m)any card OS will create a virtual
> file EF for the public key that actually fetches from the private
> key. That would have to be done in higher level software, but that
> code is not allowed to read the private key. (For good reason.)
To achieve a sane user experience, there is a need to access a public
object holding the public key. This allows enumerating keys without
logging in each time the smartcard is inserted.
Alon.