Andre Zepezauer wrote:
> On Tue, 2010-11-02 at 09:05 +0100, Ludovic Rousseau wrote:
>
>> 2010/11/1 Andre Zepezauer <andre.zepeza...@student.uni-halle.de>:
>>
>>> Hello,
>>>
>>> the pkcs15init tool currently writes to cards, even when the profile
>>> indication (3F00/5015/4946) isn't found. That's bad, because it's highly
>>> possible that such a card was personalised with another library or has
>>> an unknown profile. In my opinion there are the following issues:
>>>
>>> 1. opensc isn't smart enough to do such things (see #252)
>>> 2. after a successful write operation the TokenInfo is overridden, which
>>>    * is incomplete and
>>>    * contains broken ASN1 encoding
>>>
>>> The attached patch prevents that behaviour and fixes #252. It is for
>>> current trunk. But should work for 0.11.13 too.
>>>
>> Fixed in revision 4853.
>>
>> I have not closed ticket #252 because I am not sure the problems are
>> related. (and I have not read ticket #252 in detail).
>>

Neither do I. It would be nice to have full logs and to get to know what's going on between 'Please enter Unspecified PIN ...' and '... cardos_check_sw: function/mode not supported'

>
> The user reporting the bug has a card manufactured by Siemens.
> Personalisation was done by the card vendor's software (HiPath).
> Therefore the card doesn't have the file 3F00/5015/4946 on it. With this
> patch applied, the output of pkcs15-init looks like this:
>
> $pkcs15-init --generate-key rsa/1024 --auth-id 01 -v
> Using card driver Siemens CardOS.
> Couldn't bind to the card: File not found
>
> This is the correct behaviour, because the profile indication
> (3F00/5015/4946) is missing. And refusing to modify cards without
> knowing the exact profile, is good practice anyway.
>

Imho, the main reason to use PKCS#15 is interoperability between different card and middlewares in the card initialization and card using, and so, OpenSC should operate with the cards initialized by other middlewares.

Probably the on-card profile indication should be removed at all (afais, its main purpose is to distinguish 'one-pin' and 'normal' pkcs15 profile).

Pkcs15init has to detect a valid pkcs#15 structure and bind card to the card profile (automatically detected or from command line argument). This card profile is used mostly when creating data (file or SDOs) of the new objects, the rest of the operations use an available on-card information (existing PKCS#15, ACLs).

Kind wishes,
Viktor.