pkcs15-piv.c placeholder for Yubikey key Attestation certificate CK_ID
Yubikey PKCS11 module uses CKA_ID "25" for its Attestation certificate
which is read using a Yubikey APDU. Other PIV certificates are
stored in PIV objects and the certificate is extracted from the object.

OpenSC code was using the same CKA_ID for "Secure Messaging Certificate Signer"
which is used with PIV SM.

 So to avoid any confusion, the "Secure Messaging Certificate Signer"
 will now use "81".

 On branch placeholer-for-Attestation
 Changes to be committed:
	modified:   pkcs15-piv.c
dengert committed Nov 18, 2023
1 parent a229082 commit 57052c2
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/libopensc/pkcs15-piv.c
Expand Up @@ -370,7 +370,8 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
{"22", "Retired Certificate for Key Management 18", "1012cece", 0, 0},
{"23", "Retired Certificate for Key Management 19", "1013cece", 0, 0},
{"24", "Retired Certificate for Key Management 20", "1014cece", 0, 0},
{"25", "Secure Messaging Certificate Signer", "1017cece", 0, 0} /* no keys on card */
/* Yubikey Attestation uses "25" but not read via GET_DATA */
{"81", "Secure Messaging Certificate Signer", "1017cece", 0, 0} /* no keys on card */
};
// clang-format on
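
Review bot: The replacement row `{"81", "Secure Messaging Certificate Signer", "1017cece", 0, 0}` gives no reason for the value "81". The added comment explains why "25" is avoided, but not why the ID jumps from the sequential "22", "23", "24" to "81" or whether "81" is guaranteed not to collide with another ID. Please extend the comment to state where "81" comes from, for example a line such as `/* "81" chosen for the SM signer because ... */` with the actual rationale filled in. Also, because the ID of an existing certificate object changes while its object ID "1017cece" stays the same, anything that located this certificate by ID "25" will stop finding it, so the change deserves a mention in the release notes, and any other lookup in this file that matches on "25" for the Secure Messaging signer should be checked and updated in the same commit.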
