Will Fiveash wrote:
> On Wed, Oct 28, 2009 at 05:14:27PM -0400, Wyllys Ingersoll wrote:
>>>> The problem is that when you query the token and check the flags,
>>>> the token has no way to know if you want to read the private or
>>>> public areas so it cannot have any logic to indicate whether or
>>>> not to set the login bitfield in the flags. pktool defaults to the
>>>> safest method, which is to prompt always (we ran into trouble
>>>> when we did not do this on some devices other than softtoken).
>>> Looking at the spec there is support for different session types
>>> including the default of CKS_RO_PUBLIC_SESSION. Why can't the token use
>>> this to determine what the app wants to read and whether login is
>>> necessary?
>> That sounds like it should be possible but I haven't looked at the code
>> to check. You should be discussing this with the EF team or
>> crypto-discuss at opensolaris.org.
>
> I've been cc'ing crypto-discuss at opensolaris.org on this thread.

C_GetTokenInfo does not take a session handle as an argument, so the
token has no idea if you will be opening a readonly public session or
not and thus cannot tailor the info that it gives you.

-Wyllys
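
Added example, not part of the original thread: because the token flags from C_GetTokenInfo are per token and the session state from C_GetSessionInfo is per session, the application has to combine both with its own intent to decide whether to log in. The constants are the values from the PKCS#11 headers, redefined so the block builds without a Cryptoki module; decide_login() and its policy are hypothetical.

```c
#include <stdio.h>

typedef unsigned long CK_FLAGS;
typedef unsigned long CK_STATE;

/* CK_TOKEN_INFO.flags bits (PKCS#11 values). */
#define CKF_LOGIN_REQUIRED                0x00000004UL
#define CKF_USER_PIN_INITIALIZED          0x00000008UL
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL

/* CK_SESSION_INFO.state values (PKCS#11 values). */
#define CKS_RO_PUBLIC_SESSION 0UL
#define CKS_RO_USER_FUNCTIONS 1UL
#define CKS_RW_PUBLIC_SESSION 2UL
#define CKS_RW_USER_FUNCTIONS 3UL

enum login_action { NO_LOGIN, PROMPT_PIN, TOKEN_PIN_PAD, PIN_NOT_SET };

/* token_flags:  from C_GetTokenInfo (no session handle involved).
 * state:        from C_GetSessionInfo on the session actually opened.
 * want_private: the caller's intent, which the token never sees. */
enum login_action decide_login(CK_FLAGS token_flags, CK_STATE state,
                               int want_private)
{
    if (!want_private)
        return NO_LOGIN;              /* public objects only */
    if (state == CKS_RO_USER_FUNCTIONS || state == CKS_RW_USER_FUNCTIONS)
        return NO_LOGIN;              /* user already logged in */
    /* Assumed policy: trust the flag. The pktool behaviour described in
     * the thread is stricter and prompts regardless. */
    if (!(token_flags & CKF_LOGIN_REQUIRED))
        return NO_LOGIN;
    if (!(token_flags & CKF_USER_PIN_INITIALIZED))
        return PIN_NOT_SET;           /* C_Login cannot succeed yet */
    if (token_flags & CKF_PROTECTED_AUTHENTICATION_PATH)
        return TOKEN_PIN_PAD;         /* call C_Login with a NULL PIN */
    return PROMPT_PIN;
}

int main(void)
{
    /* Constructed flag value: login required, user PIN set. */
    CK_FLAGS flags = CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
    printf("list public certs -> %d\n",
           decide_login(flags, CKS_RO_PUBLIC_SESSION, 0));
    printf("list private keys -> %d\n",
           decide_login(flags, CKS_RO_PUBLIC_SESSION, 1));
    return 0;
}
```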