OpenSC smartcard access should use raw public keys, not X.509 certificates

Alon Bar-Lev alon.barlev at gmail.com
Sat Aug 2 15:10:02 EST 2008


On 8/2/08, Peter Stuge <stuge-openssh-unix-dev at cdy.org> wrote:
> On Fri, Aug 01, 2008 at 07:04:45PM -0400, Daniel Kahn Gillmor wrote:
>  > Since the private key is a superset of the public key, the public
>  > key itself would be already present.
>
>
> Of course, but I don't think (m)any card OS will create a virtual
>  file EF for the public key that actually fetches from the private
>  key. That would have to be done in higher level software, but that
>  code is not allowed to read the private key. (For good reason.)

To achieve a sane user experience, there is a need to access a public
object holding the public key. This allows enumerating keys without
logging in each time the smartcard is inserted.

Alon.

