On 06.08.2009, at 17:01, Andreas Jellinghaus wrote: > I think when I last tried to use my official german eid card, it > didn't > ask me for all three pins, so I guess maybe only a flag is missing or > something like that. martin, maybe you know how to prevent this? https://bugzilla.mozilla.org/show_bug.cgi?id=322145#c3 describes the "feature" as I see it, subsequent comments describe other feelings about it. Common understanding is that it there should be a GUI checkbox to set this flag in Firefox/Thunderbird. Until FF<3.5 it was possible to load the module into Firefox with the FRIENDLY bit set with Javascript, but it was removed in 3.5 because of security fears. Now only .xpi installers can call the javascript code to install pkcs11 modules.
> a specialised version of opensc with gui is fine with me. > some countries have requirements for special texts or graphics > to be shown before someone sings an official document digitaly, > and I guess a very tight integration is the only way to do that. That should be the responsibility of the calling application to do GUI. Some intelligent glue code that would detect if there is a "user environment" attached to the PKCS#11 session might be used as well, but that would break "correct" applications. You can't do modal windows for example (like Firefox opens when you use a pinpad reader with OpenSC). This is about PKCS#11. I don't think we should encourage direct linking to libopensc any more. >> 4. Is there any way to automatically cache the contents of the card? >> The official middleware seems to do this. As you can see, the card as >> a lot of information and is somewhat slow. Every time it is >> initialized, a considerable amount of time is "wasted". > > opensc has some cache logic, but I know nothing about it. > > what do you mean with initialized? i.e. a new plain > card is written content to? then of course caching doesn't > help, but the whole process if faster of course, if data > is created in memory first, and then written out to the card > in one big go. but I think opensc works more in a step by step > way. Initialization probably means C_Initialize -> pkcs15_bind() which takes a lot of time indeed (it reads out certificates for example). There are some small optimizations I've tried to speed things up, but no real "good stuff" yet. m. -- Martin Paljak http://martin.paljak.pri.ee +372.515.6495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
