Bengt Nilsson wrote:
> Hi,
>
> Suppose I write an application, based on NSS (for encryption and client/server
> authentication). Certificates are on (PKCS11) smartcards. Further, my application
> works differently for different users, 'roles'; some options in some menus are greyed
> for different roles for example.
>
> During shift change one user (role) removes his card and the new user inserts his.
> How can the application detect this change? Is there some callback function in pkcs11
> for removal/insertion of token or how is this situation supposed to be handled?
>
> Regards Bengt
>
>
>
The application will get errors when it tries to access any keys that
are associated with the token. Whenever the token changes, the
PK11_GetSlotSeries() number is also incremented, so you can
check the series value. If the token requires authentication, you will
notice you will be prompted for a password when you access the token.
For the most part, it will be transparent to you -- but if you have
some cached crypto state (like SSL has the sessionID) that can be
referenced without accessing the token, then using PK11_GetSlotSeries()
is your best bet.
bob
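
The series check described in the reply above, sketched as an added example (not part of the original message and not NSS code): cached role state is bound to the slot series seen at login and dropped as soon as the series differs or the token is absent. The `token_source` callbacks, `role_cache` and `fake_slot` are hypothetical names; the assumption is that in an NSS application the two callbacks are thin wrappers around PK11_GetSlotSeries() and PK11_IsPresent(), abstracted here so the code builds without the NSS headers.

```c
#include <string.h>

/* Assumption: in an NSS application these two callbacks are thin wrappers
 * around PK11_GetSlotSeries(slot) and PK11_IsPresent(slot). */
typedef struct {
    int (*get_series)(void *slot);
    int (*is_present)(void *slot);
    void *slot;
} token_source;

/* Hypothetical per-user state that can be used without touching the token. */
typedef struct {
    int  valid;
    int  series;        /* slot series seen when the role was derived */
    char role[32];
} role_cache;

enum token_state { TOKEN_SAME, TOKEN_CHANGED, TOKEN_ABSENT };

/* Record the role together with the series current at login time. */
void role_cache_bind(role_cache *c, const token_source *t, const char *role) {
    c->series = t->get_series(t->slot);
    strncpy(c->role, role, sizeof c->role - 1);
    c->role[sizeof c->role - 1] = '\0';
    c->valid = 1;
}

/* Call before every use of cached state; drops the role on any change. */
enum token_state role_cache_check(role_cache *c, const token_source *t) {
    enum token_state st = TOKEN_SAME;
    if (!t->is_present(t->slot))
        st = TOKEN_ABSENT;
    else if (!c->valid || t->get_series(t->slot) != c->series)
        st = TOKEN_CHANGED;
    if (st != TOKEN_SAME) {          /* fail closed: forget the old role */
        c->valid = 0;
        memset(c->role, 0, sizeof c->role);
    }
    return st;
}

/* Constructed stand-in for a card reader, used only to exercise the logic. */
struct fake_slot { int series; int present; };
int fake_series(void *s)  { return ((struct fake_slot *)s)->series; }
int fake_present(void *s) { return ((struct fake_slot *)s)->present; }
```

On TOKEN_CHANGED or TOKEN_ABSENT the application would derive the role again from the certificate on the card now in the slot before re-enabling any menu options.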