On Jan 26, 2010, at 10:00 , François Leblanc wrote:
>> btw: if someone uses a minidriver, can he still use opensc
>> as pkcs#11 module (e.g. firefox)?
> 
> It's the interesting part: the answer is perhaps yes, perhaps no,
> it depends. Once Windows takes hold of the card you can't use it
> directly since the reader is opened, but you can forbid Windows
> to manage the card (by stopping loading the DLL into memory)...
> Another possibility may be to reconnect the card in shared mode;
> I didn't try this but perhaps it works...
If the handle is exclusive from Windows, we need to try to reconnect in shared
mode. It is similar to Tokend on OSX, where, in theory, a tokend is supposed to
lock the card and be the only player. OpenSC does not do it.

The same applies to PKCS#11 bridges on top of "platform APIs" (CryptoAPI and
CDSA/Keychain) - Apple provides a PKCS#11 module, but that does not work.
There's an NSS CAPI driver that is supposed to teach NSS applications (Firefox
and friends) keys/certificates via CryptoAPI, but that has not been used
widely, AFAIK.

Taking into account the fact that BaseCSP plugins had issues with more than a
single PIN (and the same goes for Tokend), having a PKCS#11 layer on top of
platform API seems like a right thing (and it is a RightThing) but we can't
match the flexibility of a bare PKCS#11 module.

Until that happens - that platform APIs are really capable - it is better to
support a single interface (PKCS#11) well.


-- 
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
