Cornelius Koelbel wrote:
Hello,
I liked the pkcs11-tool very much and used it with aladdin's own pkcs11-lib.
But I could not manage to initialize the token and i could not change the
pin.
The Aladdin eToken can only be initialized after having logged in as a
user and having closed this session again.
sounds like a bug
The PIN can only be changed, when logged in as a User before.
So I wrote some small patches that worked for, so I could now initialize
the token and change the PIN.
I am not a real programmer and I guess the patches may not be valid for
other tokens. Maybe for the initilization-patch there should be an
if-statement or a commandline switch, that activates this code.
Take a look at it and think of it. If there are any questions I will be
pleased to answer them...
The patches are against pkcs11-tool.c version 0.10.1.
please use unified diffs, normal diffs are difficult to read
=> at least I will ignore them if I don't have much time.
755a756
789a791
CK_SESSION_HANDLE session; // cko
795c797
<
---
796a799,813
/* Add for aladdin eToken with aladdin's libetpkcs11.so
Before initializing the token, we have to login
to the token. cko */
rv = p11->C_OpenSession(opt_slot, CKF_SERIAL_SESSION| CKF_RW_SESSION,
NULL, NULL, &session);
if (rv != CKR_OK)
p11_fatal("C_OpenSession", rv);
login(session, 0); // login as CKU_USER
/* we need to close the session again. */
rv = p11->C_CloseSession(session);
/* end of Aladdin specific stuff */
are you sure that this workaround wont cause problems for
other pkcs11 libs ?
879a897,902
/* cko: first we need to login to the token! */
rv = p11->C_Login(sess, CKU_USER, (CK_UTF8CHAR *) old_pin, old_pin ==
NULL ? 0 : strlen(old_pin));
if (rv != CKR_OK)
p11_fatal("C_Login", rv);
/* end */
this will certainly cause problem if you try to change the so-pin
Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
