Thank you for your reply. On Tue 24 Jul 2012 01:44:28 PM ICT, helpcrypto helpcrypto wrote: > On Tue, Jul 24, 2012 at 4:16 AM, Nguyễn Hồng Quân <quanngu...@mbm.vn> wrote: >> Hi, >> >> I heard that you are successful to implement Admin PIN callback in PKCS#11. >> Which card did you do? Can it be applied to OpenPGP? If yes, how should we >> do? >> >> Thanks. > > Where did you read that? I didnt say it... > We have a very old card for which i made a pkcs#11 lib, not using > opensc or anything else. well...openssl0.9.8 > I dont konw if it can be applied to OpenPGP cause i dont know OpenPGP > (Altought i will like to) > > There are 2 thing to implement: > -CKU_SO login > > If you want a certificate to be used with CKU_SO instead of user, you > could "ignore" the user type, have different slots for each > user...these ways arent 100% compliant, but could do the trick. > Anyhow, remember that, acording to the standard, the SO user its only > for "initialization" purposes, so maybe you need a card supporting > diferent users, rather that SO. > > -Callbacks: > > The same manner if you invoke C_Login with a PIN to login, If your > token has CKF_PROTECTED_AUTHENTICATION_PATH, you could invoke C_Login > with pin=NULL, and another library will try to autenticate before > login into token. Thats probably not 100% standard compliant, but > could do the trick. > > > > GURUS: how its the CKF_PROTECTED_AUTHENTICATION_PATH supposed to work? > Will a pinpad "intercept" the calls to the card and request the PIN > before sending it to the card? I dont remember if that was clear on > standard.
-- Regards, Quân Y!IM: ng_hquan_vn _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel