scd:nks: Implement writecert for the Signature card v2.

* scd/iso7816.c (CMD_UPDATE_BINARY): New. (iso7816_update_binary): New. * scd/app-nks.c (do_deinit): Factor some code out to... (flush_fid_cache): new. (do_writecert): New. (app_select_nks): Register new handler. -- This can be used with gpg-card to write the 3 extra certificates of a Telesec TCOS Signature Card v2. The card with the qualified signature is distributed with the keys for encryption and advanced signatures but without the certificates. The certificates can be downloaded from the website after an mail confirmation. Unpacked the downloaded zipfile has these certificates: auth_zert.crt sig_zert.crt enc_zert.crt Using gpg-card issue these commands: writecert NKS-NKS3.4531 <sig_zert.crt writecert NKS-NKS3.45B1 <enc_zert.crt writecert NKS-NKS3.4571 <auth_zert.crt Don't mix that up, tight now there is no checking that the certificates match the public key. I also need to write another patch to actually implement signing and encryption with these nistp256 certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2020-07-02 18:35:34 +02:00 · 2020-07-02 18:35:34 +02:00 · c1663c690b
commit c1663c690b
parent f55a05a69b
3 changed files with 133 additions and 8 deletions
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@ -148,5 +148,7 @@ gpg_error_t iso7816_read_binary (int slot, size_t offset, size_t nmax,
 gpg_error_t iso7816_read_record (int slot, int recno, int reccount,
                                 int short_ef,
                                 unsigned char **result, size_t *resultlen);
+gpg_error_t iso7816_update_binary (int slot, int extended_mode, size_t offset,
+                                   const void *data, size_t datalen);

 #endif /*ISO7816_H*/