
Re: Re: Netkey E4: detect if local pins are already set: msg#00023

encryption.opensc.user

Subject: Re: Re: Netkey E4: detect if local pins are already set

Moin,

On Mon, May 08, 2006 at 11:10:02PM +0200, Peter Koch wrote:
> This is a quick and dirty hack to make the card work. It
> forces OpenSC to skip the first certificate and load the
> second instead.
Jup

> Could you please test the latest snapshot. When I
> wrote the 0.10.1 code I believed that the id of a
> certificate uniquely identifies the certificate itself.
> This is wrong. It uniquely identifies the key that is
> contained in the certificate. And Netkey cards
> contain more than one certificate per key.
I see you changed the id-counting of certs.. but this doesn't
help me here. The output for the two first certs I get now
from pkcs15-tool -c:
X.509 Certificate [Telesec Signatur Zertifikat]
Flags : 0
Authority: no
Path : df01c000
ID : 45

X.509 Certificate [Signatur Zertifikat 1]
Flags : 2
Authority: no
Path : df014331
ID : 45

...and the key comes up as
Private RSA Key [Signatur Schluessel]
Com. Flags : 1
Usage : [0x204], sign, nonRepudiation
Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 1024
Key ref : 128
Native : yes
Path : df015331
Auth ID : 04
ID : 45

Now when I use id45 in OpenSwan the wrong cert is taken,
df01c000, not the other one. What would help with those
cards here would be a proper counting of the ids of the
certs where cert df014331 comes up as id46, and the
private-keys are not counted in a row but 45, 47, 48, 50
(it's 45-48 now).
When I then try to access cert id46 and opensc sees there is
no privatekey 46 it counts down till it finds one.
But I have no clue what else this would break.


Christian
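
Added example, not part of the original message and not OpenSC code: a small Python check that parses a dump in the format quoted above and reports every ID carried by more than one certificate, which is the condition that makes selecting a certificate by ID ambiguous. The sample input is constructed from the objects in the message (abridged); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the three objects quoted in the message, abridged.
SAMPLE = """\
X.509 Certificate [Telesec Signatur Zertifikat]
Path : df01c000
ID : 45

X.509 Certificate [Signatur Zertifikat 1]
Path : df014331
ID : 45

Private RSA Key [Signatur Schluessel]
Com. Flags : 1
Usage : [0x204], sign, nonRepudiation
Path : df015331
Auth ID : 04
ID : 45
"""

HEADER = re.compile(r"^(X\.509 Certificate|Private RSA Key) \[(.*)\]$")

def parse_objects(text):
    """Split the dump into one dict per object (type, label, fields)."""
    objects, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"type": m.group(1), "label": m.group(2)}
            objects.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only, so "Auth ID" and "ID" stay distinct.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return objects

def ambiguous_cert_ids(objects):
    """Return {id: [cert paths]} for IDs shared by more than one certificate."""
    by_id = defaultdict(list)
    for obj in objects:
        if obj["type"] == "X.509 Certificate":
            by_id[obj.get("ID")].append(obj.get("Path"))
    return {i: paths for i, paths in by_id.items() if len(paths) > 1}

if __name__ == "__main__":
    for cert_id, paths in ambiguous_cert_ids(parse_objects(SAMPLE)).items():
        print(f"ID {cert_id} names {len(paths)} certificates: {', '.join(paths)}")
```
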

