On Mon, 2016-12-05 at 10:23 -0500, Nathaniel McCallum wrote: > > Indeed, in the case where one has both ykcs11 and opensc, he would > > have > > to supply --detailed-urls to p11tool to be able to distinguish > > between > > objects. That is, because they will have identical URLs except for > > the > > library-description and library-manufacturer fields, which are not > > normally printed. > > > > That would be a bit more than just inconvenience because of the > > duplicate listings, it would be that if you don't specify the > > library > > fields on the URL, you wouldn't know which module was used for the > > operation. > > They don't, in fact, have different URIs. If I add a .module file for > ykcs11.so, I get the attached output for p11tool --list-tokens.
You forgot to attach it :) > > We should ping yubico on that. Is there some reason they didn't > > implement the key generation on opensc? Ideally we won't ship that > > additional module. > > I don't know. But I suspect it would require hardware change. There > are a lot of existing YubiKeys out there. opensc-pkcs11 is an alternative driver for the same hardware, the same as ykcs11. As it is now, it seems that opensc misses only the generation part, and I think it would be preferable to pointing yubico in adding that functionality in opensc, rather than shipping a separate driver in fedora. regards, Nikos _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
