On 8/10/08, Ludovic Rousseau <[EMAIL PROTECTED]> wrote: > On Sat, Aug 9, 2008 at 9:48 PM, Alon Bar-Lev <[EMAIL PROTECTED]> wrote: > > PKCS#11 specification has protected authentication path feature to > > allow the provider to take care the authentication. > > > Are you talking about CKF_PROTECTED_AUTHENTICATION_PATH? > Isn't that supposed to tell the application that the PKCS#11 provider > can get the PIN without the application help (like using a pinpad > reader)?
Yes. PIN Pad is one way of getting PIN... Biometric is another... A simple GUI is also acceptable. Anything as long as the provider handles the authentication. > > There is no way to tell the application how to request a PIN, only > > that a PIN is required. > > > > I kind of not understanding your issue, can you please explain some > > more, why does the application you use does not prompt for passphrase. > > > My application is (mainly) Firefox. > > Is it that simple than returning an error code (or something similar) > to Firefox so that Firefox asks the PIN to the user and issue a new > C_Login() with the PIN to the provider? Yes. It should be so. There are some issues with nss implementation which requires more than the lowest PKCS#11 requirements. So, for example, nss prompt for PIN every renegotiation [1], [2]. Alon. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=149673 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=322145 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
