In our AKIS PKCS-15 setup, PrKDF and PuKDF files need CHV for read access. 
That is conformant to the RSA EID Conformance Profile Spec file on their 
site. Other DFs are read accessible without a PIN.

Now, with the OpenSC API, I can do the following (in pseudo code):

sc_connect_card(reader, slot, &card);
sc_pkcs15_bind(card, &p15card);
sc_pin_cmd(My CHV PIN...);      // enter PIN here
sc_pkcs15_find_prkey_by_id_usage(p15card, USAGE_SIGN.... &key);
sc_pkcs15_compute_signature(p15card, key, input & output...);

In that code, I connect to the card, parse the ODF, enter the PIN for PrKDF 
access, find the key, and sign the data.

When I try to do that with the PKCS-11 API:

C_Initialize(NULL);
C_OpenSession(slot_id, CKF_SERIAL_SESSION, NULL, NULL, &session);
C_Login(session, CKU_USER, "PIN here", 5);

C_OpenSession() fails with CKR_TOKEN_NOT_PRESENT, because the OpenSC PKCS-11 
implementation insists that PrKDF must be read at that point, even though no 
PIN is provided.

How can I solve that problem? The OpenSC API is fine for simple applications, 
but the PAM smart card module needs the PKCS-11 API, and that doesn't work 
with the EID setup here.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
