On Wed, 2010-04-21 at 07:48 -0400, Jim Rees wrote: > > I don't think that's what you mean. "PIN is blocked" is a precise > term used > by smart card people, it means the card is no longer usable because it > has > detected an attempted intrusion and shut itself down. I think what > you mean > is that app no. 2 is unable to access the card because app no. 1 is > using > it, and when app no. 1 is done, app no. 2 can proceed. Correct?
I had to unlock the card using PUK code. But you are right, some of my applications cannot access the card. > Someone mentioned this is a restriction in pkcs11, but it's really > more of a > card policy issue in my opinion. The idea is that if app no. 1 has > submitted a PIN but app no. 2 has not, then app no. 2 should not have > access > to crypto ops requiring a PIN. And since pkcs11 has no way to know > which > ops might require a PIN, it blocks everything from app no. 2. This > may not > be the security model you prefer but it's what we're stuck with. I though lock_login = false; was enough to prevent this. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel