Hi, > From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel- > > Anybody can change the profile if they want to. We have defined a default > profile for MyEID that suits common cases. > > Just for the sake of curiosity, can you post here an example of 'protected' > profile for MyEID card?
We don't have that kind of profile, but somebody could make one if they like. > > >> What do you think, will it be sufficient, during the card initialization, > >> to create all xDF files that have 'CREATE' protected by SOPIN ? > > What I mean is that OpenSC would create the whole structure defined in the > > profile, regardless of the ACL:s. > > I know that the driver can do this by itself, but why not implement it to > OpenSC so that it would work for all cards? > Personally I have no objections, but we cannot take rapid decision for all the > cards. I don't know if actually somebody considers as useful > to not create all xDFs (including rarely used DODF, SKDF, ). We'll be waiting > for the other opinions. > > What can be done easily is a new profile option "create-all-xDF". So that, you > will have the possibility to do what you want in a non-intrusive for the other > cards manner. > > Take also into consideration that all card profile are loaded after the > general 'pkcs15.profile', where all xDF are defined. > And so the list of xDFs to create is not completely controlled by the card's > profile. > OK, well then perhaps this should be implemented to the card driver. > > > One thing it could do, is to check when initialization is done each of the > > known identifiers (PrKDF, PuKDF, CDF..), > > if these have been defined in the profile, it would create them. > > > > One additional feature that is lacking from OpenSC is that it does not > > create the PIN codes automatically (except the SO-PIN). > Sorry I do not follow what you mean. I mean that currently when initializing a MyEID card you need to run the following commands: - pkcs15-init -C /* create structure */ - pkcs15-init -P -a 1 /* create user pin */ - pkcs15-init -F /* finalize (activate) card */ The first command actually asks for the User PIN but does not create it. It would be nice if it would create it. I have no experience with other cards, so don't know how if the User PIN is created using the first command or not. It's not a big issue, but still, it's one extra step you need to know when initializing cards. Kind regards, Toni > > Kind wishes, > Viktor. > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
