Hi Martin;

> The TCOS driver marks the user PIN as unblocking PIN [3], which I believe is
> incorrect (only PUK should have the unblocking code flag set)
>
> The attached patch should fix this. Peter, please add your comment.
>
PKCS#15-spec says:

> PinAttributes.pinFlags: This field signals whether the PIN:
> - is an unblockingPin (ISO/IEC 7816-8: resetting code), meaning
> that this PIN may be used for unblocking purposes, i.e. to reset
> the retry counter of the related authentication object to its initial
> value;

TCOS-cards have 4 PINs, i.e. PIN, PUK, PIN1 and PIN2. If PIN is blocked it may be unblocked by PUK. If PIN1 or PIN2 are blocked they may be unblocked by PIN. So PIN is both a regular PIN (i.e. protects certain objects) and an unblockingPIN with respect to PIN1 and PIN2.

For this reason I set the unblocking-flag for PIN as PIN MAY be used to unblock other PINs. Of course it will do absolutely no harm if the unblocking-flag will be removed from PIN.

pkcs15-tcos.c does not support the newest TCOS3-cards [1] and I will commit a new version this weekend. The new version will set the unblocking-flag for PUK only.

[1] http://www.opensc-project.org/pipermail/opensc-user/2010-July/004195.html

Peter
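The two flag layouts discussed in this thread, as an added example that is not part of the original message or of the OpenSC driver: it models the four TCOS PINs with their unblock relations and counts, for each layout, how many entries disagree with the literal PKCS#15 reading and how many break a PUK-only rule. The struct, table and function names are hypothetical and the tables are constructed from the description above; only the unblockingPin bit position (bit 6, 0x0040) comes from PKCS#15.

```c
#include <stdio.h>
#include <string.h>
#define PIN_FLAG_UNBLOCKING 0x0040u /* PKCS#15 PinFlags bit 6, unblockingPin */

struct pin_entry {
    const char *label;
    unsigned flags;
    const char *unblocked_by; /* label of the PIN that resets this one, or NULL */
};
/* Constructed tables for the four TCOS PINs named in the thread. */
static const struct pin_entry flag_on_pin_and_puk[4] = {
    { "PIN", PIN_FLAG_UNBLOCKING, "PUK" }, { "PUK", PIN_FLAG_UNBLOCKING, NULL },
    { "PIN1", 0, "PIN" }, { "PIN2", 0, "PIN" },
};
static const struct pin_entry flag_on_puk_only[4] = {
    { "PIN", 0, "PUK" }, { "PUK", PIN_FLAG_UNBLOCKING, NULL },
    { "PIN1", 0, "PIN" }, { "PIN2", 0, "PIN" },
};

/* 1 if some entry names `label` as the PIN that unblocks it. */
static int acts_as_unblocker(const struct pin_entry *t, size_t n, const char *label) {
    for (size_t i = 0; i < n; i++)
        if (t[i].unblocked_by && strcmp(t[i].unblocked_by, label) == 0)
            return 1;
    return 0;
}
/* Entries whose unblockingPin flag disagrees with the unblock relations. */
int count_flag_mismatches(const struct pin_entry *t, size_t n) {
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += ((t[i].flags & PIN_FLAG_UNBLOCKING) != 0) != acts_as_unblocker(t, n, t[i].label);
    return bad;
}

/* Entries other than `puk` that carry the unblockingPin flag. */
int count_flagged_non_puk(const struct pin_entry *t, size_t n, const char *puk) {
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (t[i].flags & PIN_FLAG_UNBLOCKING) && strcmp(t[i].label, puk) != 0;
    return bad;
}

int main(void) {
    printf("PIN and PUK flagged: %d mismatches, %d non-PUK flagged\n",
           count_flag_mismatches(flag_on_pin_and_puk, 4), count_flagged_non_puk(flag_on_pin_and_puk, 4, "PUK"));
    printf("PUK only flagged:    %d mismatches, %d non-PUK flagged\n",
           count_flag_mismatches(flag_on_puk_only, 4), count_flagged_non_puk(flag_on_puk_only, 4, "PUK"));
    return 0;
}
```

Neither layout satisfies both checks at once, because PIN really does unblock PIN1 and PIN2 while also being an ordinary user PIN.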