Nitrokey / nitrokey-start-firmware

A mirror of Gnuk's 1.0.x and 1.2.x branches.

Idea: multiple identities #27

Closed szszszsz closed 4 years ago

szszszsz commented 4 years ago

Provide a way to simulate multiple OpenPGP 2.x cards on the device. Could be a workaround for #22.

cc @alex-nitrokey

szszszsz commented 4 years ago

Mentioned commit triples the user storage, leaving 3kB for firmware changes.

alex-nitrokey commented 4 years ago

Mh, I would say the best approach would be to support and implement the MANAGE SECURITY ENVIRONMENT (MSE) feature of the OpenPGP Card v3.3 specification. This way, OpenSC would just work as with real OpenPGP Cards. I am not sure if the approach above would work in OpenSC, but I guess it could get really messy.

In the end it can get more and more difficult to get Gnu/Start devices supported by software if they do not stick to the specification, imho. So the best case would be to support all changes of OpenPGP Card v3.3 or none.

Having admin-less PIN usage and ECC independent of any specification has already caused some problems, although these are desirable features.

szszszsz commented 4 years ago

Merged to main branch with #33. To be tested.