Martin Paljak wrote:
> On 05.05.2006, at 12:10, [EMAIL PROTECTED] wrote:
>> if the card doesn't support a logout functionality it's not an error
>
> Actually, when doing some debug testing with the Estonian eID card,
> threading and locking and so on, I found the fact that the default
> logout function always changes to MF somewhat annoying and not quite
> right for my case at least. Would it be a suggested practice to
> overwrite the default logout function for cards that might need it
> (like internal state is changed to not authenticated for example)?
>
> It's easy to add a card function to override the default logout
> function, but I'd like to know something more about the feature in
> default ISO implementation and why it is there. When lock-login is
> false, for pkcs#11 implementation to call logout function when there
> is actually no *logout* requested does not seem right. logout could
> be called on disconnect maybe, but not after each transaction...

Most cards (e.g. cryptoflex, setcos) don't have a 'logout' command,
so that's why by default a 'select MF' is done. The idea is that if the
PIN is local to a DF then selecting the MF will clear the PIN status
(e.g. for the opensc cryptoflex profile).

But if the PIN is global or local to the MF, then this won't work
(e.g. for the opensc setcos profile).

And in the last case there's no possibility to log out (unless you
reset the card or so).

It makes indeed sense not to do a logout after each transaction (unless
you want to protect your card against other users on the machine). For
some cards (e.g. Setcos) it would allow you to get rid of the pin
caching. But e.g. on a cryptoflex you would still need it in case the
MF is selected for some reason...

Just some info, I don't know how to make things more conforming, or
even if that would be desired...

Cheers,
Stef
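
The behaviour described in the reply above, as an added example that is not part of the original message and not OpenSC code: a simplified C model of a card without a logout command, showing when SELECT MF clears the PIN status and when it does not. The flat file model, the struct and function names, and the DF ID 0x5015 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MF_FID 0x3F00  /* ISO 7816-4 file ID of the master file */
/* Simplified, flat card model (an assumption, not real card firmware):
 * one PIN; pin_scope == MF_FID means global or local to the MF. */
struct card_model {
    uint16_t current_df;
    uint16_t pin_scope;
    bool pin_verified;
};

void model_verify(struct card_model *c) { c->pin_verified = true; }
/* SELECT: leaving the DF a local PIN belongs to clears its status;
 * a PIN scoped to the MF is unaffected by any SELECT. */
void model_select(struct card_model *c, uint16_t fid)
{
    if (c->pin_scope != MF_FID && fid != c->pin_scope)
        c->pin_verified = false;
    c->current_df = fid;
}

/* Logout done as SELECT MF. Returns true if the PIN status was really
 * cleared, false if the card is still authenticated afterwards. */
bool logout_by_select_mf(struct card_model *c)
{
    model_select(c, MF_FID);
    return !c->pin_verified;
}

/* Verify in work_df, visit the MF, return: is the PIN still verified? */
bool pin_survives_mf_visit(uint16_t pin_scope, uint16_t work_df)
{
    struct card_model c = { work_df, pin_scope, false };
    model_verify(&c);
    model_select(&c, MF_FID);
    model_select(&c, work_df);
    return c.pin_verified;
}

int main(void)
{
    struct card_model local = { 0x5015, 0x5015, true };   /* constructed */
    struct card_model global = { 0x5015, MF_FID, true };  /* constructed */
    printf("local PIN cleared:  %d\n", logout_by_select_mf(&local));
    printf("global PIN cleared: %d\n", logout_by_select_mf(&global));
    return 0;
}
```

In this model a DF-local PIN is dropped by any visit to the MF, which is the case where the host still has to re-present (cache) the PIN, while an MF-scoped PIN stays verified until the card is reset.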