G'day,

Stef Hoeben wrote:
> But there's of course the problem with the part in the pkcs11
> standard, as you quoted, although IMHO it depends on how to
> interpret "access" (is providing non-sensitive info about the
> private key the same as accessing it?)

I've been thinking about how to determine a priori if access to private keys has already been granted.

The pkcs11_load_key function checks if private keys can be enumerated, and if so, assumes that the user has presented the PIN. But, as shown by the muscle PKCS#11 library, private keys may be enumerated (and their non-sensitive values fetched) even if a PIN has not been presented. So merely checking for the existence of a fetched private key is insufficient.

In addition, my understanding is that there aren't any particular attributes whose presence or value would indicate that a PIN has been presented. Attributes such as CKA_PRIVATE and CKA_MODULUS may (or may not) be fetched, depending on the implementation. There are attributes that are marked as sensitive, but the value of those attributes is restricted regardless of login state.

This seems to me to make the "if you can get a private key, you must have performed a PIN login" test quite useless. I suspect that if you can get a key, then a cryptographic operation using that key (such as signing) may need to be performed to test if the card will allow that operation (assuming that the key supports the given operation).

Or is there a simpler method to test the login state that I'm unaware of?

-- Geoff
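
Added example (not part of the original message, and not code from the muscle library or from pkcs11_load_key): a constructed in-memory token model that contrasts the enumeration heuristic with the signing probe discussed above, and with reading the session state that C_GetSessionInfo reports. The struct and the login_by_* helpers are hypothetical names; the CKR_ and CKS_ values are the standard PKCS#11 ones.

```c
#include <stdio.h>

/* Return codes and session states with their PKCS#11 values. */
#define CKR_OK                 0x000UL
#define CKR_USER_NOT_LOGGED_IN 0x101UL
#define CKS_RO_PUBLIC_SESSION  0UL
#define CKS_RO_USER_FUNCTIONS  1UL /* a R/W session reports CKS_RW_USER_FUNCTIONS (3) */

/* Constructed token model (hypothetical, not a real PKCS#11 module). */
struct token {
    int logged_in;          /* set by a successful C_Login */
    int lists_before_login; /* 1 = private keys enumerable without a PIN */
    int nkeys;              /* private key objects on the card */
};

/* Stands in for C_FindObjects on CKO_PRIVATE_KEY: count of visible keys. */
static int find_private_keys(const struct token *t) {
    return (t->logged_in || t->lists_before_login) ? t->nkeys : 0;
}
/* Stands in for C_SignInit + C_Sign over a dummy digest. */
static unsigned long sign_probe(const struct token *t) {
    return t->logged_in ? CKR_OK : CKR_USER_NOT_LOGGED_IN;
}
/* Stands in for the state field filled in by C_GetSessionInfo. */
static unsigned long session_state(const struct token *t) {
    return t->logged_in ? CKS_RO_USER_FUNCTIONS : CKS_RO_PUBLIC_SESSION;
}

/* Heuristic from the message: a visible private key implies login. */
static int login_by_enumeration(const struct token *t) {
    return find_private_keys(t) > 0;
}
/* Probe from the message: attempt a signature when a key is visible. */
static int login_by_sign_probe(const struct token *t) {
    return find_private_keys(t) > 0 && sign_probe(t) == CKR_OK;
}
/* Ask the session itself; needs neither a key nor a signature. */
static int login_by_session_state(const struct token *t) {
    return session_state(t) == CKS_RO_USER_FUNCTIONS;
}

int main(void) {
    struct token t = { 0, 1, 1 }; /* muscle-like card, no PIN presented */
    printf("enumeration=%d sign_probe=%d session_state=%d\n",
           login_by_enumeration(&t), login_by_sign_probe(&t),
           login_by_session_state(&t));
    return 0;
}
```

Against a real module the three stand-ins map to C_FindObjects, C_SignInit/C_Sign and C_GetSessionInfo; the model only reproduces the behaviour described in the message.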



