Hello,

I would like to 'touch' the PKCS#11 module of OpenSC and am looking for your opinions/suggestions about:

- removing the 'pkcs15init' framework;
- configurable support of multiple on-card applications and multiple PINs;
- removing the 'one-pin' version of the PKCS#11 module (or rather replacing it with a particular case of the configuration);
- no separate slot for public objects.

The proposed PKCS#11 configuration concerns the creation of slots, their authentication objects and their content. Possibilities are:

- 'all' -- actual behavior -- a slot for every non-SOPIN, non-unblock PIN and optionally for the PUK. All public objects within the limit of one on-card application are associated with the first 'User PIN' slot.
- combinations of the symbolic PIN names 'user', 'sign' and 'application', where the important combinations are:
  -- if only 'user' (one-pin) is used, the unique slot will contain the private objects from all the on-card applications which are protected by the corresponding card PIN. (In multi-application cards, the same global card PIN could be referenced by the PKCS#15 'authentication' object from more than one on-card application.) Other private objects are not visible (for example, the ones protected by SignPIN). All public objects from all the on-card applications are also added to this slot. (This configuration is suitable for FF.)
  -- 'user' + 'sign' -- the same as the previous one, with the exception that a second slot is created for the private object protected by the 'sign' PIN and this object's public 'friends'. (This configuration could be useful for FF and Thunderbird.)
  -- 'application' -- one slot per on-card application, so that there is the possibility to differentiate the on-card applications with the PKCS#11 API. (Equivalent of the '--aid' option in the pkcs15(init) tools.) (This configuration is mostly for initializing the on-card applications with the PKCS#11 API.)
  -- 'application' + 'sign' -- the same as 'all' without the optional slot for the PUK.

Kind wishes,
Viktor.
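
An added illustration, not part of Viktor's message and not OpenSC code: a small Python model of how the proposed 'user', 'user' + 'sign' and 'application' settings would group a card's objects into slots. The card contents, the name build_slots, and the rules that an 'application' slot holds that application's user-PIN and public objects and that public 'friends' are the public objects sharing a key id are assumptions made for this example.

```python
from collections import namedtuple

# Constructed card: two on-card applications sharing one global user PIN.
Obj = namedtuple("Obj", "app label key_id pin")  # pin=None means a public object
PIN_KIND = {"GlobalPIN": "user", "SignPIN": "sign"}  # symbolic names from the proposal
CARD = [
    Obj("app1", "auth-key", "01", "GlobalPIN"),
    Obj("app1", "auth-cert", "01", None),
    Obj("app1", "sign-key", "02", "SignPIN"),
    Obj("app1", "sign-cert", "02", None),
    Obj("app2", "vpn-key", "03", "GlobalPIN"),
    Obj("app2", "vpn-cert", "03", None),
]
MODELLED = ({"user"}, {"user", "sign"}, {"application"})

def build_slots(card, config):
    """Return {slot name: [object labels]} for a set of symbolic names."""
    if set(config) not in MODELLED:
        raise ValueError("combination not modelled in this example")
    public = [o for o in card if o.pin is None]

    def private(kind, app=None):
        # Private objects guarded by a PIN of this kind, optionally for one app.
        return [o for o in card
                if o.pin and PIN_KIND[o.pin] == kind and app in (None, o.app)]

    slots = {}
    if "application" in config:
        # One slot per on-card application (contents are an assumption).
        for app in sorted({o.app for o in card}):
            slots[app] = private("user", app) + [o for o in public if o.app == app]
    if "user" in config:
        # Single slot: user-PIN objects and public objects of all applications.
        slots["user"] = private("user") + public
    if "sign" in config:
        # Second slot: sign-PIN keys plus their public 'friends' (same key id).
        keys = private("sign")
        ids = {(k.app, k.key_id) for k in keys}
        slots["sign"] = keys + [o for o in public if (o.app, o.key_id) in ids]
    return {name: [o.label for o in objs] for name, objs in slots.items()}

if __name__ == "__main__":
    for cfg in MODELLED:
        print(sorted(cfg), build_slots(CARD, cfg))
```

In the 'user'-only layout the key protected by SignPIN appears in no slot, which is the visibility trade-off the proposal describes for the one-pin case.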