On 18.11.2009, at 16:53, François Leblanc wrote: > Hum, my first idea it's to add 'sc_pkcs15init_set_callbacks' somewhere in > > opensc-pkcs11.dll (in framework-pkcs15.c for example)... but like I'm not a > > specialist of pkcs11 I'd rather wait to have opinion of someone who know > > what he do. So for the moment I hope pkcs11 expert to have a look. For the trunk branch, I don't know if the comment to changeset 3784 is OK: https://www.opensc-project.org/opensc/changeset/3784 This can't affect 0.11.
> 'pkcs15-init' provide it's own function to get pin and ask for pin when > > necessary, for opensc-pkcs11 the pin is given by application so we can't > > provide function to ask pin. I think we can cache pin at login and call > > 'sc_pkcs15init_set_callbacks' to set functions to retrieve pin back but > > what about security and so-pin... There are two targets: 1. If a PIN is entered via software, cache it in a single location, usable by all layers above libopensc by same mechanism 2. Allow to personalize a card with all PIN-s going through a pinpad. 1. is possible, but 2 via PKCS#11 might be a problem, if a card requires several times a PIN for a single operation... -- Martin Paljak http://martin.paljak.pri.ee +372.515.6495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel