Bug 621

Summary: scard-opensc.c: more than one private key object for a certificate
Product: Portable OpenSSH Reporter: Nils Larsch <larsch>
Component: SmartcardAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal    
Priority: P2    
Version: -current   
Hardware: All   
OS: Linux   
Bug Depends on:    
Bug Blocks: 627    
Attachments:
Description Flags
suggested patch none

Description Nils Larsch 2003-07-23 18:29:17 AEST 
There's currently a small problem in scard-opensc.c if there's more than one
private key object for a given certificate (i.e. public key). For example some
cards OSs do not support signing and decryption with one private key object
=> if you want to use the same key for signing and decryption you need
two copies of the key (one for signing and one for decryption).
Currently scard-opensc.c uses the sc_pkcs15_find_prkey_by_id function to get
the private key object (specified by the pkcs15 id) but this function returns
only the first private key object found. It would be better to use the
sc_pkcs15_find_prkey_by_id_usage function and search for a private key
with the desired capability (see attached patch).

Nils
Comment 1 Nils Larsch 2003-07-23 18:30:33 AEST 
Created attachment 360 [details]
suggested patch
Comment 2 Damien Miller 2003-08-25 10:58:46 AEST 
Applied, thanks.
Comment 3 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED