On 27.11.2009, at 17:31, Andreas Jellinghaus wrote: > Am Donnerstag 26 November 2009 19:55:02 schrieb Viktor TARASOV: >> But before, I would like to know if there are any objections for >> the following changes to calls of do_change() and do_unblock() in >> opensc-explorer. > > I like the changes. opensc-explorer is only meant as debug tool, > but still each function could be improved so it can implement > the various card commans. > > one question: unblock always works with puk? > is there a way to use so-pin for unblocking too?
You refer to the same issue I pointed out before: concepts like "so-pin" don't exist in low level ISO specs. It is a PKCS#15/#11 level concept. >From PKCS#15 spec v1.1 page 44: """ PinAttributes.pinFlags: This field signals whether the PIN: .. is a soPin, meaning that the PIN is a Security Officer PIN (in the PKCS #11 sense) """ opensc-explorer (I guess) is supposed to be a ISO (card driver) level utility which does not know such things, it just handles PINs with numeric indexes. I don't see why pkcs15-tool --change-pin/--unblock-pin can not be used as debug tools, especially because they also reveal issues other applications using pkcs#11, Tokend or CSP interfaces would encounter once they use the pkcs15 API (like pkcs#11 and tokend currently do) I don't mind extending opensc-explorer but the "right place" for PIN operations, IMHO, is in pkcs15-tool. And it can be called with command line parameters (which is not trivial for explorer)! > and the text in the examples has "Set PIN" where > I wonder if "unblock pin" wouldn't be better - the > texts are a bit confusing right now. > > or do the "Set PIN" operations require a "verify" command > to be executed first? I believe this would be card specific. See the changeset 3744 and the way it is used by Portugese eID in card-ias.c http://www.opensc-project.org/opensc/browser/branches/martin/0.12/src/libopensc/card-ias.c?rev=3755#L207 Martin. -- Martin Paljak http://martin.paljak.pri.ee +372.515.6495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
