Hi Thomas,
OK, patch applied, thanks.
For Wiki access, you should ask Andreas.
Or otherwise send the info to me then I'll put it the Wiki.
Cheers,
Stef
Thomas Harning wrote:
On Mon, 12 Jun 2006 22:37:05 +0200
Stef Hoeben <[EMAIL PROTECTED]> wrote:
Hi,
the MuscleCard applet seems to work nicely.
Here some additional questions:
If you 'personalize' the applet with
00A4040006A00000000101
B02A000038084D7573636C6530300401083030303030303030083030303030303030
0502 08303030303030303008303030303030303000001770000201
- then you have to start with
pkcs15-init -C -p pkcs15+onepin --pin 00000000 --puk 00000000
(or is there another way?)
- should/can the SO PIN be used (it's not know at the pkcs15 level
when using the 'onepin'
profile option with pkcs15-init)?
Right now using the SO PIN is not implemented because for our purposes,
the one-pin methodology was doing what we wanted.
However, it is set up so that the default profile for muscle-cards in
pkcs15-init is the onepin... so -p pkcs15+onepin isn't necessary
(although is does work).
So.. in short:
pkcs15-init -C -p pkcs15+onepin --pin 00000000 --puk 00000000
pkcs15-init -C --so-pin 00000000 --so-puk 00000000
Will essentially do the same thing...
It won't actually use the administrator PIN... the SO PIN reference is
set to 01, which is in fact the user's PIN reference.
Also... at least for me... setting pin and puk via command line do not
seem to work well for me. I was attempting it recently and using
--so-pin and --so-puk would set the user PIN for that initialization
step even though the PIN being set is not a 'SO' pin. It is probably a
symptom of the one-pin method being forced upon the default
so-pin/user-pin combination.
- there exist no PUKs for the SO en user PINs?
PUK's do exist. I believe I had one used at one time or another...
A little remark: if you enter a wrong PIN, go get "Card command
failed" while it would be nicer to get back an
SC_ERROR_PIN_CODE_INCORRECT or SC_ERROR_AUTH_METHOD_BLOCKED.
Attached is a quick patch to fix those error messages. In the error
checking I have it look at the return values... apparently there's
unexpected values being returned... The patch just makes it so
that any unexpected values mean that the pin failed.
Also... as soon as I get a Wiki account on the OpenSC website, I'll
start describing in more detail what is going on so that other
developers can understand the quirks/limitations that exist (and may
think of a way to fix them ;) )
Is there a specific person I should email about a wiki account?
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
