On Wed, Nov 9, 2011 at 7:39 PM, Viktor Tarasov <viktor.tara...@gmail.com> wrote:
> Hello,
>
> I would like to 'touch' the PKCS#11 module of OpenSC and am looking for your
> opinions/suggestions about:
> - removing of 'pkcs15init' framework;
> - configurable support of the multi on-card applications and multi-pins;
> - removing the 'one-pin' version of pkcs#11 module (or rather replacing it 
> with particular case of the configuration);
> - no separate slot for public objects.

1. If you remove the pkcs#15 init how will you init the card? How will
you create several PINs?

2. If you separate PINs into slots, you must expose the public object
within the same slot as the private object, as applications will look
for the private object in the same slot with the same id as the public
one.

3. The one-pin should have been removed a long time ago in favor of
configuration :)

But as usual, I will keep reminding everyone that the most severe issue
of OpenSC PKCS#11 is the requirement to lock the reader from C_Login until
eternity in order to achieve a secure setup. As far as I know this has
not been addressed.

1. It explicitly violates the PKCS#11 spec.

2. Disabling this (lock_login=false) exposes your card to other
applications without authentication.

3. The default is disabled, which brings us back to (2).

Regards,
Alon.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
