I'm looking at implementing support for unblocking a locked PIN in my application, but looking at OpenSC that doesn't seem to be possible. In fact, there are a number of issues along the way.
The correct way of unblocking a PIN, as far as I understand, is calling C_Login(CKU_SO) followed by C_InitPIN(). This is how pkcs11-tool does it, as well as a sample for pykcs11. Now for the problems: 1. C_Login(CKU_SO) doesn't seem to work on any of my PKCS#15 cards. Looking at the code, it seems OpenSC wants to do a VERIFY operation, but that requires a reference number which in turn requires a PIN object for the SO PIN, which doesn't exist on any of my cards. 2. C_InitPIN() tries to use pkcs15init to create an entirely new PIN object, not reset the existing one. I have little hopes this will result in anything even remotely close to what I'm after. Since pkcs15-tool -u works, I'm assuming what I want is to gain access to sc_pkcs15_unblock_pin(). But it doesn't seem like PKCS#11 ever maps to this, so is that API simply insufficient for unblocking cards? Rgds -- Pierre Ossman OpenSource-based Thin Client Technology System Developer Telephone: +46-13-21 46 00 Cendio AB Web: http://www.cendio.com
signature.asc
Description: PGP signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
