I'm currently looking into implementing proper symmetric secret key
support in opensc on pkcs#15 level.
There seems to have been some attempts on it before , but that did
not really progress. I've been now analyzing how I'd like to approach
the issue, and would like to check if the overall plan is acceptable.
I would like to:
- Simplify the handling of pkcs15_object EXPLICIT tagging see  for
preliminary work, which needs still work as commented in 
- Now large parts of the abstraction for generating and uploading the
secret key's could be shared with the private key path. I would
therefore like to merge 'struct sc_pkcs15_skey_info' and 'struct
sc_pkcs15_prkey_info'. Would this sound acceptable change?
- It might make sense to rename SC_PKCS15_PRKEY_* to SC_PKCS15_KEY_*
as they are shared for all-key types everywhere.
- I plan to implement AES key support. According to ISO specification
this should be encoded as 'algIndependentKey' and indicate the key
type via CommonKeyAttributes.algReference that links to
CardInfo.supportedAlgorithms entry which describes the algorithm.
* Should we introduce SC_PKCS15_TYPE_SKEY_* ID for each symmetric key
type? Or should that be mapped to the pkcs#15 object type, and
either resolve the key type runtime, or add a separate
key_algorithm if needed in addition to existing fields?
Some guidance on these matters would get me started, I may get
additional questions later. And I hope to submit code for review earlier
Any other thoughts, or comments? All feedback at this point would be