Ticket #158 (new defect)

Opened 15 months ago

Last modified 13 months ago

test to be removed when decryption command is used for signing

Reported by: lars
Owned by: aj
Priority: highest
Milestone:
Component: opensc
Version: 0.11.3
Severity: critical
Keywords:
Cc:

Description

The code has recently been modified so that cards using card decryption commands for signing could be used. The non-repudiation key of a PrimeCard cannot be used, since a check is made that prevents keys that do not have the "decrypt" or "unwrap" key usage from being used.

To fix this, these lines starting at line 79 of the file pkcs15-sec.c should be removed:

    if (!(prkey->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP))) {
        sc_error(ctx, "This key cannot be used for decryption\n");
        return SC_ERROR_NOT_ALLOWED;
    }

Maybe this check should be done earlier instead, when it is known for sure that it is really a decryption that should be done (not a signing using the sc_pkcs15_decipher function).
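A sketch of the alternative raised in the last paragraph of the description, added here as an example and not taken from the ticket, its patch, or OpenSC: the usage check is kept but keyed on the caller's intent, so a sign-only key is accepted for signing through the decipher path and still refused for real decryption. The names `check_decipher_usage` and `decipher_intent`, the `USAGE_*` flags and `ERR_NOT_ALLOWED` are hypothetical stand-ins with values local to this example.

```c
#include <stdio.h>

/* Stand-in constants for this example only; they mirror the usages named in
 * the ticket, but the numeric values are local assumptions. */
enum {
    USAGE_DECRYPT        = 1 << 0,
    USAGE_UNWRAP         = 1 << 1,
    USAGE_SIGN           = 1 << 2,
    USAGE_NONREPUDIATION = 1 << 3
};
#define ERR_NOT_ALLOWED (-1)   /* stand-in for SC_ERROR_NOT_ALLOWED */

/* What the caller actually wants from the card's decipher command. */
enum decipher_intent { INTENT_DECRYPT, INTENT_SIGN_VIA_DECIPHER };

/* Hypothetical helper: choose the required usage mask from the caller's
 * intent instead of always demanding decrypt/unwrap. */
static int check_decipher_usage(unsigned int usage, enum decipher_intent intent)
{
    unsigned int required;

    switch (intent) {
    case INTENT_DECRYPT:
        required = USAGE_DECRYPT | USAGE_UNWRAP;
        break;
    case INTENT_SIGN_VIA_DECIPHER:
        required = USAGE_SIGN | USAGE_NONREPUDIATION;
        break;
    default:
        return ERR_NOT_ALLOWED;   /* unknown intent: fail closed */
    }
    return (usage & required) ? 0 : ERR_NOT_ALLOWED;
}

int main(void)
{
    unsigned int nonrep_key  = USAGE_NONREPUDIATION; /* constructed sample */
    unsigned int decrypt_key = USAGE_DECRYPT;        /* constructed sample */

    printf("nonrep key, sign via decipher: %d\n",
           check_decipher_usage(nonrep_key, INTENT_SIGN_VIA_DECIPHER));
    printf("nonrep key, real decryption:   %d\n",
           check_decipher_usage(nonrep_key, INTENT_DECRYPT));
    printf("decrypt key, real decryption:  %d\n",
           check_decipher_usage(decrypt_key, INTENT_DECRYPT));
    return 0;
}
```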

Attachments

ticket_158.patch (0.7 kB) - added by lars 13 months ago.
Patch for change to solve the ticket.

Change History

Changed 13 months ago by lars

  • summary changed from test to be removed when decrytpion cammand is used for signing to test to be removed when decrytpion command is used for signing

Changed 13 months ago by lars

Patch for change to solve the ticket.
