On 16.02.2011 13:34, Martin Paljak wrote: > On Feb 16, 2011, at 1:01 PM, webmas...@opensc-project.org wrote: >> Revision: 5199 >> Author: vtarasov >> Date: 2011-02-16 11:01:46 +0000 (Wed, 16 Feb 2011) >> >> Log Message: >> ----------- >> IAS/ECC: for the IAS/ECC cards include into the OpenSC configuration the >> 'card_atr' sections > > Why are these needed? card-iasecc.c also uses internal ATR table to match > those ATR-s.
It's not needed for the basic usage. In IAS/ECC branch I use it to indicate the configuration section of Secure Messaging used with particular card. 'Local' version of SM module looks for the keysets values in the opensc.conf file. > As a general rule, OpenSC should be usable without a configuration file. A > programmatic approach that could be statically compiled should be the > default, with the configuration file as a solution to "fix and tune" things > that don't work out of the box or otherwise can't be put into the default > open source distributable package (think: vendor/setup specific secure > messaging, which you want to put into opensc.conf) Ok, I see. What about the options from the 'pkcs15' and 'pkcs11' sections of opensc.conf ? Should we still have possibility to tune them? > For historic reasons packagers started to distribute opensc.conf in a > location where it is read by default, instead of distributing an *example* > configuration file to be used/installed when necessary. > Look at the second line of opensc.conf.in: "# Example configuration file". Ok, let it be not more then an example. > Right now the only uncommented lines are for forcing the protocol selection > onto otherwise broken cards. Which should also be changed to a flag in the > ATR table and ATR tables of card drivers exposed to core. > The same (ATR-s and masks) is needed to be flushed programmatically to > Windows registry for Minidriver use. > Ideally packagers should be bugged to stop distributing opensc.conf installed > into /etc(/opensc). But still, there will be the possibility for OpenSC to read from somewhere the pkcs15 and pkcs11 configuration options, isn't it ? -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
