On 09/28/2011 08:11 AM, Jean-Michel Pouré - GOOZE wrote:
>> However I was surprised by getting back CKR_FUNCTION_NOT_SUPPORTED when
>> calling the PKCS#11 C_CreateObject method. It looks like the Entersafe
>> driver doesn't support write operations. Am I misreading something? In
>> card-entersafe.c in the sc_get_driver() function it sets both
>> ops.write_binary and ops.delete_file to NULL.
> 
> Dear Stef,
> 
> No support of delete operations is normal, it is a security measure to
> ensure that an object cannot be overwritten by an attacker. 
> 
> But PKCS#11 C interface should support writing objects. For example,
> Firefox manager allows importing of entersafe objects using PKCS#11. 

I found the source of the problem. We first have to perform
C_CreateObject for the CKO_PRIVATE_KEY and then running C_CreateObject
for a matching certificate will work.

Is this fragility necessary, or is it something that we should try to
fix in opensc?

Cheers,

Stef
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
