Re: [opensc-devel] Bug in engine_pkcs11

2011-05-19 Thread Martin Paljak
Hello, On Tue, May 10, 2011 at 17:29, Giuliano Bertoletti wrote: > Despite the fact that slots can (in certain tokens) be added or removed > by the administrator, such person is supposed to have complete control > over what happens. I would remind that PKCS#11 is a software API. I don't think th

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-11 Thread Giuliano Bertoletti
On 10/05/2011 9.24, Martin Paljak wrote: > > To make it simple: do you have a patch, that fixes both cases (so that a slot > index and a hardcoded slot ID can be used)? > Hello, I finally got the code to compile. Actually I simply patched the code in the sense that now the slot is interepr

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Martin Paljak
On May 10, 2011, at 15:38 , Alon Bar-Lev wrote: > On Tue, May 10, 2011 at 1:18 PM, Giuliano Bertoletti wrote: >> I pointed out the slot_id matter instead because it is just wrong to start >> from the assumption that the user knows it and it won't change between >> multiple executions. > > Same

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Giuliano Bertoletti
Hello Alon, On 10/05/2011 18.13, Alon Bar-Lev wrote: > Last message in this thread, as I think nothing is wrong and you try > to tweak implementation to suit your needs. > > Your assumption that only administrator is responsible for slot > management is totally wrong. > > 1 Every USB reader

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Alon Bar-Lev
Last message in this thread, as I think nothing is wrong and you try to tweak implementation to suit your needs. Your assumption that only administrator is responsible for slot management is totally wrong. 1 Every USB reader that is unplugged/plugged by user will most probably result in a new slo

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Giuliano Bertoletti
Hello Alon, I still disagree. Despite the fact that slots can (in certain tokens) be added or removed by the administrator, such person is supposed to have complete control over what happens. Accessing a slot/token makes perfect sense from a user/administrator standpoint, although adding or r

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Alon Bar-Lev
Use this[1] to build using cross compiler. [1] https://www.opensc-project.org/build On Tue, May 10, 2011 at 10:36 AM, Giuliano Bertoletti wrote: > > Hello, > > unfortunately I'm still fighting with the compiler to rebuild the > engine_pkcs11 library (under Windows / Mingw or Visual C++). > Once

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Alon Bar-Lev
On Tue, May 10, 2011 at 1:18 PM, Giuliano Bertoletti wrote: > I pointed out the slot_id matter instead because it is just wrong to start > from the assumption that the user knows it and it won't change between > multiple executions. Same for index. Sorry, I still cannot see your point. Had you ar

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Giuliano Bertoletti
Hello Nikos, On 10/05/2011 11.23, Nikos Mavrogiannopoulos wrote: > On Tue, May 10, 2011 at 9:40 AM, Giuliano Bertoletti wrote: > > And this is exactly the reason why they shouldn't be used for object > identification and usage (the typical use-case of PKCS #11). > I partially agree, but con

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Nikos Mavrogiannopoulos
On Tue, May 10, 2011 at 9:40 AM, Giuliano Bertoletti wrote: > Hello Nikos, > just a few notes. > The pkcs#11 standard addresses cryptographic devices in general, not only > smart-cards which might (or might not) have a single slot. > Cryptographic devices such as HSMs are capable of supporting many ma

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Nikos Mavrogiannopoulos
On Mon, May 9, 2011 at 9:53 PM, Alon Bar-Lev wrote: > This is a matter of interpretation. > Either is not constant and user is not supposed to know of. > Apart from the special case of having a single slot, so you expect 0 I presume. > You can check which slot is what simply by using: > pkcs11-tool -

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Giuliano Bertoletti
Hello Nikos, just a few notes. The pkcs#11 standard addresses cryptographic devices in general, not only smart-cards which might (or might not) have a single slot. Cryptographic devices such as HSMs are capable of supporting many many slots. Slot can also be added and removed at wish. They're use

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Giuliano Bertoletti
Hello, unfortunately I'm still fighting with the compiler to rebuild the engine_pkcs11 library (under Windows / Mingw or Visual C++). Once I get it to work, I would be happy to supply the patch (shouldn't take too long to patch). To be more accurate I cannot link the OpenSSL libraries to libp

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Martin Paljak
Hello, On May 10, 2011, at 10:02 , Giuliano Bertoletti wrote: > >> A list of CK_SLOT_IDs is returned by C_GetSlotList. A priori, any value of >> CK_SLOT_ID can be a valid slot identifier—in particular, a system may >> have a slot >> identified by the value 0. It need not have such a slot, howe

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-10 Thread Giuliano Bertoletti
Hello Alon, I respectfully disagree. The slot_id is to be considered no more and no less than a handle returned by the pkcs#11 library in the eyes of the caller (although such handle must never be closed or freed). The application has no right to guess its value, in the same sense you canno

Re: [opensc-devel] Bug in engine_pkcs11

2011-05-09 Thread Alon Bar-Lev
This is a matter of interpretation. Either is not constant and user is not supposed to know of. Apart from the special case of having a single slot, so you expect 0 I presume. You can check which slot is what simply by using: pkcs11-tool --list-slots --module /usr/lib/pkcs11/ On Mon, May 9, 2011

[opensc-devel] Bug in engine_pkcs11

2011-05-09 Thread Giuliano Bertoletti
Hello, I think I've found a bug in the OpenSSL engine_pkcs11. The slot_index supplied from the command line to OpenSSL and actually directed to engine_pkcs11, is incorrectly parsed by the latter which treats it as if it were the slot_id. Most pkcs#11 implementations assume slot_index = slot_i