Oh well, this wasn't enough. There's #ifdef 0 'ed code in
src/signer/opensc-support.c that selects the first non-repudiation key
pair. Uncommenting this was enough to get the Finnish EID card working
with the Finnish PRC (Population Registration Centre), but not with a
Finnish bank (authentication using SSL class 3 and PKCS#11 module,
digital signing for other stuff).
The reason seems to be that the PRC just echoes the signature back, but
the bank will verify it.

See
http://www.bel.fi/~alankila/blog/2006/10/11/All%20fine%20with%20FINEID%3F.html
for more information.

Anyway, the whole thing is sort of broken. Selecting the first non-rep
key might work only in Finland, and break some other digital signature
applications. The problem is that there seems to be no "standard" way
to give the plugin the information about which private key to use to
sign. It might be carried in the HTML attributes (like other
parameters), but that's not "the standard". I guess a better way would
be to make opensc-signer present a dialog asking the user which key to
select, but this is beyond my C & Linux skills (no GTK skills
whatsoever).

-- 
mozilla-opensc should NONREPUDIATION key instead of SIGN key when creating a digital signature
https://bugs.launchpad.net/bugs/215104