From ccb0bb10e11007193fb9f91dfdb1494bd09143c1 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Sat, 15 Jun 2002 16:46:27 +0000
Subject: [PATCH] * card-dinsig.c: Documented some stuff from the DIN norm.
---
 scd/ChangeLog | 4 ++++
 scd/card-dinsig.c | 55 +++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/scd/ChangeLog b/scd/ChangeLog
index 488b2fe29..13ac0c07c 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,7 @@
+2002-06-15 Werner Koch
+
+ * card-dinsig.c: Documented some stuff from the DIN norm.
+
 2002-04-15 Werner Koch
 * command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID.
diff --git a/scd/card-dinsig.c b/scd/card-dinsig.c
index 3e461fd99..4080350c6 100644
--- a/scd/card-dinsig.c
+++ b/scd/card-dinsig.c
@@ -18,6 +18,58 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */
+/* The German signature law and its bylaw (SigG and SigV) is currently
+ used with an interface specification described in DIN V 66291-1.
+ The AID to be used is: 'D27600006601'.
+
+ The file IDs for certificates utilize the generic format:
+ Cxyz
+ C being the hex digit 'C' (12).
+ x being the service indicator:
+ '0' := SigG conform digital signature.
+ '1' := entity authentication.
+ '2' := key encipherment.
+ '3' := data encipherment.
+ '4' := key agreement.
+ other values are reserved for future use.
+ y being the security environment number using '0' for cards
+ not supporting a SE number.
+ z being the certificate type:
+ '0' := C.CH (base certificate of ard holder) or C.ICC.
+ '1' .. '7' := C.CH (business or professional certificate
+ of card holder.
+ '8' .. 'D' := C.CA (certificate of a CA issue by the Root-CA).
+ 'E' := C.RCA (self certified certificate of the Root-CA).
+ 'F' := reserved.
+
+ The file IDs used by default are:
+ '1F00' EF.SSD (security service descriptor). [o,o]
+ '2F02' EF.GDO (global data objects) [m,m]
+ 'A000' EF.PROT (signature log). Cyclic file with 20 records of 53 byte.
+ Read and update after user authentication. [o,o]
+ 'B000' EF.PK.RCA.DS (public keys of Root-CA). Size is 512b or size
+ of keys. [m (unless a 'C00E' is present),m]
+ 'B001' EF.PK.CA.DS (public keys of CAs). Size is 512b or size
+ of keys. [o,o]
+ 'C00n' EF.C.CH.DS (digital signature certificate of card holder)
+ with n := 0 .. 7. Size is 2k or size of cert. Read and
+ update allowed after user authentication. [m,m]
+ 'C00m' EF.C.CA.DS (digital signature certificate of CA)
+ with m := 8 .. E. Size is 1k or size of cert. Read always
+ allowed, update after uder authentication. [o,o]
+ 'C100' EF.C.ICC.AUT (AUT certificate of ICC) [o,m]
+ 'C108' EF.C.CA.AUT (AUT certificate of CA) [o,m]
+ 'D000' EF.DM (display message) [-,m]
+
+ The letters in brackets indicate optional or mandatory files: The
+ first for card terminals under full control and the second for
+ "business" card terminals.
+
+ FIXME: Needs a lot more explanation.
+
+*/
+
+
 #include
 #include
 #include
@@ -38,8 +90,7 @@ static int dinsig_read_cert (CARD card, const char *certidstr,
 /* See card.c for interface description. Frankly we don't do any real enumeration but just check whether the well know files are
- available.
- */
+ available. */
 static int dinsig_enum_keypairs (CARD card, int idx, unsigned char *keygrip, char **keyid)
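Review bot: The header comment added to card-dinsig.c carries several typos and one unbalanced parenthesis that will mislead anyone cross-checking it against DIN V 66291-1: `'0' := C.CH (base certificate of ard holder)` should read `card holder`, `certificate of a CA issue by the Root-CA` should read `issued by`, `update after uder authentication` should read `user authentication`, and the entry `'1' .. '7' := C.CH (business or professional certificate of card holder.` never closes its parenthesis. The bracket legend explains `o` and `m` but not the `-` used in `'D000' EF.DM (display message) [-,m]`; a short addition such as `'-' := file not present` (if that is the intended meaning) would make the table self-contained. The access conditions listed for EF.PROT and the certificate files (read/update only after user authentication) are presumably enforced by the card itself rather than by this module; stating that explicitly in the comment would keep a reader from assuming the host-side code performs that check.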