Add some notes about the 'cardholder certificate' feature.

Heiko Schaefer 2022-08-30 17:49:59 +02:00
parent e5537c04f5
commit 0f50eda297
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D


@ -141,6 +141,16 @@ impl<'a> OpenPgpTransaction<'a> {
///
/// Call select_data() before calling this fn to select a particular
/// certificate (if the card supports multiple certificates).
///
/// According to the OpenPGP card specification:
///
/// The cardholder certificate DOs are designed to store a certificate (e. g. X.509)
/// for the keys in the card. They can be used to identify the card in a client-server
/// authentication, where specific non-OpenPGP-certificates are needed, for S-MIME and
/// other x.509 related functions.
///
/// (See https://support.nitrokey.com/t/nitrokey-pro-and-pkcs-11-support-on-linux/160/4
/// for some discussion of the `cardholder certificate` OpenPGP card feature)
#[allow(dead_code)]
pub fn cardholder_certificate(&mut self) -> Result<Vec<u8>, Error> {
log::info!("OpenPgpTransaction: cardholder_certificate");
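Review bot: The added doc comment explains what the cardholder certificate DO is for, but not what the caller gets back. The signature returns `Vec<u8>`, and nothing visible in this hunk says whether those bytes are parsed or checked. The function body continues outside the hunk, so this is an assumption to confirm: if the bytes are passed through as read from the card, I would add `/// The returned bytes are the DO content as read from the card; they are not parsed or validated here, so callers must check the certificate before relying on it.` Two rustdoc points on the same lines: mark the quoted specification paragraph as a quotation by prefixing its lines with `/// > `, and write the bare URL as `<https://…>` so it renders as a link and does not trigger the `rustdoc::bare_urls` lint.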