On Dec 15, 2010, at 8:06 PM, Tommaso Cucinotta wrote: > Il 15/12/2010 18:25, Martin Paljak ha scritto: >> Hello, >> On Dec 15, 2010, at 6:52 PM, Brian Thomas wrote: >>> Does the Muscle applet actually support multiple User PINS (multiple >>> auth-ids) simultaneously? When I try to define additional user PINS using >>> OpenSC version 0.11.13, I receive the following error. “Failed to set PIN: >>> unknown error”. My goal is to install 6 sets of private keys, public >>> keys, and certificates into 6 different containers. Each container should >>> preferably have its own PIN. >> Muscle applet does, but how well it is exposed to OpenSC I don't know. >> >> Care to explain why do you want to have on a single card with 6 different >> PIN codes? > > well, the original Applet design allowed that because a user would be > supposed to not necessarily trust all of the applications using its own > smart-card. > > As an example, I might have a PIN I enter to unblock a key I use for > accessing a relatively unimportant server, but I would be seriously > disappointed if the same (not entirely trusted) application tried to use the > key for whatever else, after unblocking it. Instead, with multiple keys and > PINs, until I don't enter the critically secure PIN to unblock the critically > secure key (and I'm going to do that only with the proper application), I can > be more relaxed and use the other app without too many concerns. > > So, the idea is providing something similar to when the user would need > different cards, but with all of them conveniently "packed" into the same > device. > > Does this make sense to you ?
Sure. I think most eID cards in EU have two PIN codes for authentication and signature keys. But 6 is pushing the limits of the human brain. Having different applications might be better to use different cards. For personal use I'd like to create keys that require PIN re-validation before every use instead a different PIN code. YMMV. -- @MartinPaljak.net +3725156495 _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
