
Re: pkinit integration with smart card



number of supported mechanisms: 2
  rsa-pkcs: unwrap, wrap
  sha1-rsa-pkcs: unwrap, wrap, genereate-key-pair, generate, verify-recover, verify, sign-recover, sign, decrypt, encrypt

This part shows that the card is broken and lies through its teeth.


cert: 0 (have private key)
    issuer:  "OU=CA,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"
    subject: "2.5.4.5=u60267+CN=Michael B. Alexander,OU=local,OU=person,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"
cert: 1 (have private key)
    issuer:  "OU=CA,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"
    subject: "2.5.4.5=u60267+CN=Michael B. Alexander,OU=local,OU=person,OU=Kansas City Plant,OU=Department of Energy,O=U.S. Government,C=US"

And here is the real problem: you have two cert/public key/private key triplets on the card,
and the code that is supposed to select the signing certificate somehow fails to do the
right thing. It chooses the encryption-only cert/key, and after that, everything goes bad.

I'll try to add certs like that to the regression tests.

Neat to see that multivalue rdn printing code works....

Love
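
The selection problem described in the message above, as an added example that is not part of the original post and is not Heimdal's code: two certificates with identical issuer and subject, told apart only by what each key may be used for. It assumes the signing/encryption split is expressed in the X.509 keyUsage extension; `make_cert`, `select_signing_cert` and the test names are hypothetical, and the certificates are constructed with the third-party `cryptography` package.

```python
# Added illustration, not Heimdal code. Needs the third-party "cryptography" package.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

USAGE_BITS = ("digital_signature", "content_commitment", "key_encipherment",
              "data_encipherment", "key_agreement", "key_cert_sign", "crl_sign",
              "encipher_only", "decipher_only")

def make_cert(ca_key, issuer, subject, **usage):
    """Constructed test certificate; keyUsage sets only the bits named in `usage`."""
    bits = dict.fromkeys(USAGE_BITS, False)
    bits.update(usage)
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    now = datetime.datetime(2024, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(x509.KeyUsage(**bits), critical=True)
            .sign(ca_key, hashes.SHA256()))

def select_signing_cert(certs):
    """Prefer a cert whose keyUsage allows digitalSignature; never an encryption-only one."""
    fallback = None
    for cert in certs:
        try:
            ku = cert.extensions.get_extension_for_class(x509.KeyUsage).value
        except x509.ExtensionNotFound:
            if fallback is None:
                fallback = cert  # no keyUsage extension: usage is unrestricted
            continue
        if ku.digital_signature:
            return cert
    return fallback

def demo():
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test User")])
    enc = make_cert(ca_key, issuer, subject, key_encipherment=True)
    sig = make_cert(ca_key, issuer, subject, digital_signature=True)
    return enc, sig, select_signing_cert([enc, sig])  # encryption cert listed first
```

Matching on subject or on "have private key" alone cannot separate the two entries, which is why the selection looks at the usage bits rather than the order in which the card lists them.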