Justin R Eylander wrote:
Hello all, I was wondering if there was any mechanism in OpenSC to allow for PIN caching for user consent keys. I'm working on building a plug-in for a card that requires the PIN to be entered immediately before signing operations by a specific key and I would like to take advantage of anything that is already written. Caching is especially important for apps like Thunderbird that only force card login once and assume everything will work from that point on.
I would hope you would never try to cache a PIN, especially with a card like the one you describe:

* If the card was issued such that you had to enter the PIN before every signature, then you are violating the policy that the card is trying to enforce and you leave yourself open to misuse of the card.
* Newer card readers have a PIN pad so that the host/application will never see the PIN, and therefore the application cannot cache it. These readers help avoid keyboard sniffers, and applications like yours that try and cache (i.e. misuse the PIN).
* The user is expecting that every time the card is required to do a signature, they will be notified and can make the choice of signing or not.

Maybe Thunderbird needs to make some changes too, to abide by the policies that the card issuer and user are expecting.
Thanks,
Justin Eylander
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444