authorWerner Koch <[email protected]>2002-06-15 16:46:27 +0000
committerWerner Koch <[email protected]>2002-06-15 16:46:27 +0000
commitccb0bb10e11007193fb9f91dfdb1494bd09143c1 (patch)
treea51c42eaa61d52afd603287059cbf8f1476a2969
parentFixed last fix. (diff)
* card-dinsig.c: Documented some stuff from the DIN norm.
-rw-r--r--scd/ChangeLog4
-rw-r--r--scd/card-dinsig.c55
2 files changed, 57 insertions, 2 deletions
diff --git a/scd/ChangeLog b/scd/ChangeLog
index 488b2fe29..13ac0c07c 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,7 @@
+2002-06-15 Werner Koch <[email protected]>
+
+ * card-dinsig.c: Documented some stuff from the DIN norm.
+
2002-04-15 Werner Koch <[email protected]>
* command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID.
diff --git a/scd/card-dinsig.c b/scd/card-dinsig.c
index 3e461fd99..4080350c6 100644
--- a/scd/card-dinsig.c
+++ b/scd/card-dinsig.c
@@ -18,6 +18,58 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
+/* The German signature law and its bylaw (SigG and SigV) is currently
+ used with an interface specification described in DIN V 66291-1.
+ The AID to be used is: 'D27600006601'.
+
+ The file IDs for certificates utilize the generic format:
+ Cxyz
+ C being the hex digit 'C' (12).
+ x being the service indicator:
+ '0' := SigG conform digital signature.
+ '1' := entity authentication.
+ '2' := key encipherment.
+ '3' := data encipherment.
+ '4' := key agreement.
+ other values are reserved for future use.
+ y being the security environment number using '0' for cards
+ not supporting a SE number.
+ z being the certificate type:
+ '0' := C.CH (base certificate of ard holder) or C.ICC.
+ '1' .. '7' := C.CH (business or professional certificate
+ of card holder.
+ '8' .. 'D' := C.CA (certificate of a CA issue by the Root-CA).
+ 'E' := C.RCA (self certified certificate of the Root-CA).
+ 'F' := reserved.
+
+ The file IDs used by default are:
+ '1F00' EF.SSD (security service descriptor). [o,o]
+ '2F02' EF.GDO (global data objects) [m,m]
+ 'A000' EF.PROT (signature log). Cyclic file with 20 records of 53 byte.
+ Read and update after user authentication. [o,o]
+ 'B000' EF.PK.RCA.DS (public keys of Root-CA). Size is 512b or size
+ of keys. [m (unless a 'C00E' is present),m]
+ 'B001' EF.PK.CA.DS (public keys of CAs). Size is 512b or size
+ of keys. [o,o]
+ 'C00n' EF.C.CH.DS (digital signature certificate of card holder)
+ with n := 0 .. 7. Size is 2k or size of cert. Read and
+ update allowed after user authentication. [m,m]
+ 'C00m' EF.C.CA.DS (digital signature certificate of CA)
+ with m := 8 .. E. Size is 1k or size of cert. Read always
+ allowed, update after uder authentication. [o,o]
+ 'C100' EF.C.ICC.AUT (AUT certificate of ICC) [o,m]
+ 'C108' EF.C.CA.AUT (AUT certificate of CA) [o,m]
+ 'D000' EF.DM (display message) [-,m]
+
+ The letters in brackets indicate optional or mandatory files: The
+ first for card terminals under full control and the second for
+ "business" card terminals.
+
+ FIXME: Needs a lot more explanation.
+
+*/
+
+
#include <config.h>
#include <errno.h>
#include <stdio.h>
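Review bot: The new header comment contradicts itself on the 'E' suffix: the certificate-type table gives C.CA the range '8' .. 'D' and reserves 'E' for C.RCA (the 'B000' entry also treats 'C00E' as the Root-CA certificate), yet the default file list describes 'C00m' EF.C.CA.DS with `m := 8 .. E`. One of the two should be corrected against DIN V 66291-1, presumably to `with m := 8 .. D`. The sizes `512b`, `2k` and `1k` do not say whether bits or bytes are meant, and access conditions are stated for only three of the files ('A000', 'C00n', 'C00m'), so a reader cannot tell which of the remaining reads or updates require prior user authentication. Wording fixes in the same comment: `ard holder` should be `card holder`, `uder authentication` should be `user authentication`, `issue by` should be `issued by`, and the parenthesis opened at `(business or professional certificate` is never closed.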
@@ -38,8 +90,7 @@ static int dinsig_read_cert (CARD card, const char *certidstr,
/* See card.c for interface description. Frankly we don't do any real
enumeration but just check whether the well know files are
- available.
- */
+ available. */
static int
dinsig_enum_keypairs (CARD card, int idx,
unsigned char *keygrip, char **keyid)