scd:nks: Implement writecert for the Signature card v2.

* scd/iso7816.c (CMD_UPDATE_BINARY): New.
(iso7816_update_binary): New.
* scd/app-nks.c (do_deinit): Factor some code out to...
(flush_fid_cache): new.
(do_writecert): New.
(app_select_nks): Register new handler.
--

This can be used with gpg-card to write the 3 extra certificates of a
Telesec TCOS Signature Card v2.  The card with the qualified signature
is distributed with the keys for encryption and advanced signatures
but without the certificates.  The certificates can be downloaded from
the website after an mail confirmation.  Unpacked the downloaded
zipfile has these certificates:

  auth_zert.crt
  sig_zert.crt
  enc_zert.crt

Using gpg-card issue these commands:

 writecert NKS-NKS3.4531 <sig_zert.crt
 writecert NKS-NKS3.45B1 <enc_zert.crt
 writecert NKS-NKS3.4571 <auth_zert.crt

Don't mix that up, tight now there is no checking that the
certificates match the public key.  I also need to write another patch
to actually implement signing and encryption with these nistp256
certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 2 insertions, 0 deletions

diff --git a/scd/iso7816.h b/scd/iso7816.h
index b59103db2..10a1aa8d1 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -148,5 +148,7 @@ gpg_error_t iso7816_read_binary (int slot, size_t offset, size_t nmax,
 gpg_error_t iso7816_read_record (int slot, int recno, int reccount,
                                  int short_ef,
                                  unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_update_binary (int slot, int extended_mode, size_t offset,
+                                   const void *data, size_t datalen);
 
 #endif /*ISO7816_H*/