Nils Larsch wrote:
Service Développement wrote:

Hi Nils,

I agree with you that objects are created with PIN protection if auth_id is empty. But it's not the goal of this modification.

The PKCS#11 documentation says that "The common Objects attributes CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL must be specified when object is created." So, my application has to create some data objects with the attribute CKA_PRIVATE set to TRUE, and others with CKA_PRIVATE set to FALSE.

Without this modification (flag receives SC_PKCS15_CO_FLAG_PRIVATE), when this application lists the different created data objects, all of them have the CKA_PRIVATE attribute set to FALSE!!

Why? Because, by default, data objects in PKCS#15 are created with DEFAULT_DATA_FLAGS (0x02) in the function sc_pkcs15init_new_object. The CKA_PRIVATE attribute is not managed between the OpenSC PKCS#11 structure and the different PKCS#15 structures. There is no parameter to change it. That's why I added this modification. I think that if PKCS#11 allows the management of the CKA_PRIVATE attribute, PKCS#15 has to manage it too. Maybe there is another solution with the existing parameters, but I didn't find how to do it...

So, to conclude, this modification is not made for protecting the data objects, but it allows an application to differentiate private data and public data.

Cheers,

--
Vincent WYON
Dhimyotis
5 allée des écuries
59650 Villeneuve d'Ascq
Tel.: 03 20 79 24 09
=============================================
This e-mail is electronically signed using the Certigna system. It has legal value. For more information, go to:
=============================================
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
