Il 03/08/2011 13:35, helpcrypto helpcrypto ha scritto: >> And (more general question) why a slot identifies a pin? What about >> "insecure" keys and their certs? See below. > An slot doesnt need to have a PIN, as stated on PKCS#11 standard. Then why I get *exaxtly* one slot per PIN (and in the slot name there's the label I associated with the PIN? Maybe it's opensc-specific, but I doubt.
> 1 - PKCS#11 standard was designed a long time ago, so consider it has > several lacks, for example "concurrent access", "multiple pin > auth/virtual slots"...or this "strange/complex explanation about > slots" In 2.30 concurrent access is explained quite well. Both multitasking and multithreading -wise. > In the smartcard approach you and me are using, this is translated as: > "One slot for each reader" > When the card is inserted in the slot, the token info is retrieved and shown. Should be this way. Experiments say otherwise. >> What I don't understand is why I get a slot for every PIN on >> my card, plus a PnP (always empty) slot. > You dont simply get an slot for evrey PIN... (as usual, EXPERTS: > correct me if im wrong) I do. And they're named after the labels I gave to my PINs. > If your smartcard has multiple pin auth system (like many > applications, each on with a pin), thers should be a way to login on > each one. > Consider the following: smartcard with 2 apps, both of them containing > certificates. > How you should do to use any of these? You'd have to select the app before. IIUC you can't switch app while card is in use (well, you an but it's like disconnecting a card and inserting a new one, with its own ATR). Discovering which apps are available on a card is another issue. But if I need PKCS15, i select app "A000000003000000" 'just to be sure'. All the rest tends to be too OT here and I'm replying privately. BYtE, Diego. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
