OpenPGP card specification: Data Object of 0x7f21 ("CERT-3")
Sébastien Lorquet
sebastien at lorquet.fr
Wed Dec 21 10:32:10 CET 2011
Hi,
On May 18, 2011, Werner told me that:
> There won't be a stupid old file system interface.
Will you be luckier than me?
Regards
Sebastien
NIIBE Yutaka <gniibe at fsij.org> a écrit :
> Hi,
>
> This is my comment for OpenPGP card specification version 2.0, with
> regard to Data Object 0x7f21, according to my experience of developing
> Gnuk.
>
> In short, Data Object 0x7f21 ("CERT-3") is difficult to support.
>
> If I understand correctly, this data object supposed to have X.509
> certificate for authentication key "OPENPGP.3".
>
> The size of this data object is big, from the viewpoint of smartcard.
> When I created my certificate with cacert.org, its length is 1328 byte
> (for my RSA 2048-bit key for authentication). I think that it can be
> bigger.
>
> While other data objects are small enough (< 256 bytes), this data
> object is exceptionally big.
>
> Current of GnuPG for exended APDU level cannot handle such a big data
> object. This is true for internal ccid driver as well as for PC/SC
> backend.
>
> For ccid driver, it's ccid-driver.c:ccid_transceive_apdu_level, which
> has smaller buffer. For PC/SC backend it's
> pcsc-wrapper.c:handle_transmit which has 1024-byte buffer.
>
> I wonder to change ccid-driver.c and pcsc-wrapper.c just for the data
> object 0x7f21. So, I have investigated if there are some use case for
> this data object. I had thought that it were used by Scute and Poldi,
> but I couldn't find any use case in the code.
>
> In my opinion, it would be better to define EF (elementary file)
> instead of DO for large data, so that it can be accessed by
> READ_BINARY and WRITE_BINARY.
> --
>
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
More information about the Gnupg-devel
mailing list