On 26/09/06, Nils Larsch <[EMAIL PROTECTED]> wrote:
Ludovic Rousseau wrote:
> Even if I C_Login() with the correct PIN the protected DF will not be
> read again. In fact the VERIFY APDU is sent to the card, 90 00 comes
> back and then no more exchanges with the card.
I guess this is a missing feature of our pkcs11 lib, the list
of objects isn't really updated once the user has logged in
I see. Some code is missing.
> I have also discovered that login in slot 0 works but fails in slot 1
> with CKR_USER_PIN_NOT_INITIALIZED even if "pkcs11-tool --list-slots"
> gives:
> Slot 0:
> token flags: login required, PIN initialized, token initialized
> Slot 1:
> token flags: PIN initialized, token initialized
>
> The returned error code comes from pkcs15_login() in
> pkcs11/framework-pkcs15.c
>
> Any idea why it fails?
from a quick lock at framework-pkcs15.c I would say that the
CKF_USER_PIN_INITIALIZED flag is always set (see pkcs15_init_slot()).
The attached patch might fix this issue.
That does not fix the issue. I now have:
Slot 1 Gemplus GemPC Twin 00 00
token state: uninitialized
But the objects (seen with pkcs11-tool --list-objects) are still
present in slot 1 only, and not in slot 0.
The real question is: why does OpenSC consider 2 slots for my card
instead of just 1?
Thanks
--
Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
