On Sun, Aug 10, 2008 at 12:26 AM, Emanuele Pucciarelli <[EMAIL PROTECTED]> wrote:
> On 10 Aug 08, at 00:13, Ludovic Rousseau wrote:
>
>> Is it as simple as returning an error code (or something similar)
>> to Firefox so that Firefox asks the user for the PIN and issues a new
>> C_Login() with the PIN to the provider?
>>
>> Does OpenSC support that feature?
>> Does Firefox support that feature?
>
> In theory, if the private key has the CKA_ALWAYS_AUTHENTICATE attribute set
> (PKCS#11 §10.9, towards the end), then one C_Login() call will suffice for
> just one use of the private keys, and subsequent uses will return
> CKR_USER_NOT_LOGGED_IN.

Thanks, that was the information I was looking for.
Two problems with CKA_ALWAYS_AUTHENTICATE:
- it appeared in PKCS#11 v2.20 and is not present in earlier versions
- it is not (yet) supported by Firefox v3.0

After searching for CKA_ALWAYS_AUTHENTICATE in the OpenSC lists
archive I found interesting threads like:
- "Feature request : signing with the new belgian eID card" [1], Aug 2005
- "opensc/src/libopensc pkcs15.c, 1.103, 1.104 pkcs15.h, 1.82, 1.83"
[2] Mar 2005
- "Initial UserConsent support (no GUI yet)" [3] May 2005

The problem is not new but no real solution has been provided AFAIK.

> I would guess that OpenSC does not support that right now, but it should be
> fairly easy to implement, and I would expect Firefox to support it. (Even if
> the developers did not support it explicitly, getting CKR_USER_NOT_LOGGED_IN
> as a result from a signature should be enough to make one want to login
> again!)

I will try that.

Thanks Emanuele,

[1] http://www.opensc-project.org/pipermail/opensc-devel/2005-August/006672.html
[2] http://www.opensc-project.org/pipermail/opensc-devel/2005-March/005745.html
[3] http://www.opensc-project.org/pipermail/opensc-devel/2005-May/006135.html

-- 
 Dr. Ludovic Rousseau
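
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenSC or Firefox code: a constructed mock token in C where a key flagged like CKA_ALWAYS_AUTHENTICATE accepts one private-key use per login, and a caller that logs in again on CKR_USER_NOT_LOGGED_IN and retries once. The names mock_token, mock_login, mock_sign and sign_with_reauth and the sample PIN are assumptions; only the return-code values come from the PKCS#11 headers.

```c
#include <stdio.h>
#include <string.h>
/* Return codes with the values used in the PKCS#11 headers. */
#define CKR_OK                 0x000UL
#define CKR_PIN_INCORRECT      0x0A0UL
#define CKR_USER_NOT_LOGGED_IN 0x101UL

/* Constructed stand-in for a token (hypothetical, not a real provider). */
struct mock_token {
    const char *pin;         /* constructed sample PIN */
    int always_auth;         /* key behaves as if CKA_ALWAYS_AUTHENTICATE is set */
    int logged_in;           /* set by login, consumed by a signature */
    int logins, signatures;  /* counters so the effect is observable */
};

static unsigned long mock_login(struct mock_token *t, const char *pin) {
    if (strcmp(pin, t->pin) != 0) return CKR_PIN_INCORRECT;
    t->logged_in = 1;
    t->logins++;
    return CKR_OK;
}

/* With always_auth set, one login authorises exactly one private-key use. */
static unsigned long mock_sign(struct mock_token *t) {
    if (!t->logged_in) return CKR_USER_NOT_LOGGED_IN;
    if (t->always_auth) t->logged_in = 0;
    t->signatures++;
    return CKR_OK;
}

/* Caller side: on CKR_USER_NOT_LOGGED_IN ask for the PIN once, retry once. */
static unsigned long sign_with_reauth(struct mock_token *t,
                                      const char *(*ask_pin)(void)) {
    unsigned long rv = mock_sign(t);
    if (rv != CKR_USER_NOT_LOGGED_IN) return rv;
    rv = mock_login(t, ask_pin());
    if (rv != CKR_OK) return rv;  /* wrong PIN: report it, never loop on it */
    return mock_sign(t);
}

static const char *good_pin(void) { return "1234"; }
static const char *bad_pin(void)  { return "0000"; }

int main(void) {
    struct mock_token t = { "1234", 1, 0, 0, 0 };
    for (int i = 0; i < 3; i++)
        printf("sign %d -> 0x%lx\n", i, sign_with_reauth(&t, good_pin));
    printf("logins=%d signatures=%d\n", t.logins, t.signatures);
    printf("wrong PIN -> 0x%lx\n", sign_with_reauth(&t, bad_pin));
}
```

The retry is bounded to a single attempt so that a wrong PIN surfaces as CKR_PIN_INCORRECT instead of burning through the card's PIN retry counter.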