author | Werner Koch <wk@gnupg.org> | 2020-07-02 18:35:34 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2020-07-02 18:35:34 +0200 |
commit | c1663c690b29d2dea8bc782c42de5eca08a24cc9 (patch) | |
tree | ef996e1abcc70e2c4deea51f47b38a4bf9f4e718 /scd/iso7816.c | |
parent | dirmngr: Silence annoying warning for missing default ldap server file. (diff) | |
scd:nks: Implement writecert for the Signature card v2.
* scd/iso7816.c (CMD_UPDATE_BINARY): New.
(iso7816_update_binary): New.
* scd/app-nks.c (do_deinit): Factor some code out to...
(flush_fid_cache): new.
(do_writecert): New.
(app_select_nks): Register new handler.
--
This can be used with gpg-card to write the 3 extra certificates of a
Telesec TCOS Signature Card v2. The card with the qualified signature
is distributed with the keys for encryption and advanced signatures
but without the certificates. The certificates can be downloaded from
the website after a mail confirmation. Unpacked, the downloaded
zipfile has these certificates:

  auth_zert.crt
  sig_zert.crt
  enc_zert.crt

Using gpg-card issue these commands:

  writecert NKS-NKS3.4531 <sig_zert.crt
  writecert NKS-NKS3.45B1 <enc_zert.crt
  writecert NKS-NKS3.4571 <auth_zert.crt

Don't mix that up, right now there is no checking that the
certificates match the public key. I also need to write another patch
to actually implement signing and encryption with these nistp256
certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'scd/iso7816.c')
-rw-r--r-- | scd/iso7816.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/scd/iso7816.c b/scd/iso7816.c index 75aa8de3d..a841f77e0 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -45,6 +45,7 @@ #define CMD_GET_CHALLENGE 0x84 #define CMD_READ_BINARY 0xB0 #define CMD_READ_RECORD 0xB2 +#define CMD_UPDATE_BINARY 0xD6 static gpg_error_t map_sw (int sw) @@ -1018,3 +1019,23 @@ iso7816_read_record (int slot, int recno, int reccount, int short_ef, return 0; } + + +/* Perform an UPDATE BINARY command on card in SLOT. Write DATA of + * length DATALEN to a transparent file at OFFSET. */ +gpg_error_t +iso7816_update_binary (int slot, int extended_mode, size_t offset, + const void *data, size_t datalen) +{ + int sw; + + /* We can only encode 15 bits in p0,p1 to indicate an offset. Thus + * we check for this limit. */ + if (offset > 32767) + return gpg_error (GPG_ERR_INV_VALUE); + + sw = apdu_send_simple (slot, extended_mode, 0x00, CMD_UPDATE_BINARY, + ((offset>>8) & 0xff), (offset & 0xff), + datalen, (const char*)data); + return map_sw (sw); +} |
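Review bot: In iso7816_update_binary, DATALEN goes to apdu_send_simple unchecked, while OFFSET is bounded at 32767; nothing in the visible lines rejects a buffer larger than a single UPDATE BINARY command can carry in the selected mode. Either return GPG_ERR_INV_VALUE for an oversized DATALEN here, or extend the function comment to say that the caller must split the data into chunks and advance OFFSET on each call, and what the per-call limit is for EXTENDED_MODE on and off. EXTENDED_MODE is also missing from the function comment, which documents only SLOT, DATA, DATALEN and OFFSET. Minor: the inline comment calls the parameter bytes "p0,p1"; ISO 7816-4 names them P1 and P2.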