Re: [opensc-devel] SO pin in pkcs11-tool?

2012-05-30 Thread NdK
On 30/05/2012 11:42, Alon Bar-Lev wrote: > PKCS#11 is weak in term of privileges, not always it is possible to > access the complete feature set via this interface without proprietary > extensions. IIRC, that's why profiles are needed when you use the card, not only when you initialize it, right?

Re: [opensc-devel] SO pin in pkcs11-tool?

2012-05-30 Thread Nguyễn Hồng Quân
Thanks for your explanation. On Wed 30 May 2012 04:42:04 PM ICT, Alon Bar-Lev wrote: > > Actually no. > After personalization a card content is constant. > So we have 99.9% of the time card content is unchanged. > If personalization process is done via other interface it should not > be a prob

Re: [opensc-devel] SO pin in pkcs11-tool?

2012-05-30 Thread Alon Bar-Lev
On Wed, May 30, 2012 at 12:36 PM, Nguyễn Hồng Quân wrote: > > Hello Alon, > > On Wed 30 May 2012 04:27:11 PM ICT, Alon Bar-Lev wrote: > > Hello, > > > > I think you have some confusion of what is PKCS#11 Admin PIN. > > The PKCS#11 Admin PIN is only usable to initialize a token, and > > optionally

Re: [opensc-devel] SO pin in pkcs11-tool?

2012-05-30 Thread Nguyễn Hồng Quân
Hello Alon, On Wed 30 May 2012 04:27:11 PM ICT, Alon Bar-Lev wrote: > Hello, > > I think you have some confusion of what is PKCS#11 Admin PIN. > The PKCS#11 Admin PIN is only usable to initialize a token, and > optionally unlock the user PIN. > It has no special privileges over the content of the

Re: [opensc-devel] SO pin in pkcs11-tool?

2012-05-30 Thread Alon Bar-Lev
Hello, I think you have some confusion of what is PKCS#11 Admin PIN. The PKCS#11 Admin PIN is only usable to initialize a token, and optionally unlock the user PIN. It has no special privileges over the content of the card. So you are prompted by firefox for the user PIN, which is OK. Anyway, wh

[opensc-devel] SO pin in pkcs11-tool?

2012-05-30 Thread Nguyễn Hồng Quân
Hello all, As you may know, I'm trying to implement writing certificate to OpenPGP card via PKCS#11. I succeed with pkcs15-init tool but have difficulty with pkcs11-tool. When I import via pkcs15-init tool (Command: pkcs15-init --store-certificate quanngu...@mbm.vn.pem), the tool asks for Admin P

Re: [opensc-devel] Announcing debugging server and asking for advice

2012-05-30 Thread Jean-Michel Pouré - GOOZE
Le mardi 29 mai 2012 à 15:38 +0200, Peter Stuge a écrit : > Doing it in sshd will probably be faster though. Per discussion with Ludovic, restricting ssh connections might not be a good thing. So I will not restrict them. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.