I used pkcs11-spy against opensc-pkcs11 to investigate the series of
events that leads to the login with the non-repudiation signature. I
would like to prevent this, as the key is simply too sensitive to be
unlocked without the user's explicit intention of signing a contract, and
then it will be unlocked by another module entirely (opensc-signer).

As far as I can tell, Firefox calls C_GetSlotList() which returns info
for the slots available. It then iterates through the list of returned
slots, which correspond to keys on a card, calling C_GetTokenInfo() for
any tokens present, and eventually calls C_Login() for the keys in the
list. At this point, the PINs have been asked for, so we need to intercept
this codepath sometime before the C_Login() call.

Setec's Windows driver seems to work so that it completely hides the
non-repudiation key from the list returned by its equivalent of
C_GetSlotList, presenting only the signing key, so I believe OpenSC
should do the same. This should mean some kind of changes to the code
that examines the acceptable tokens, I think. How should the prevention
be performed?
--
Antti
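
The slot-hiding approach asked about above, as an added example that is not part of the original post and is not OpenSC code: a slot enumeration that drops the sensitive slot before the caller sees it. The slot table, the labels and the names slot_hidden() and filtered_get_slot_list() are assumptions made for illustration; the CK_ types and CKR_ values are stand-ins for the pkcs11.h definitions.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the pkcs11.h definitions, so the example builds alone. */
typedef unsigned long CK_ULONG, CK_SLOT_ID, CK_RV;
#define CKR_OK               0x000UL
#define CKR_ARGUMENTS_BAD    0x007UL
#define CKR_BUFFER_TOO_SMALL 0x150UL

/* Constructed sample of what the underlying module would report. */
static const struct { CK_SLOT_ID id; const char *label; } slots[] = {
    { 0, "Authentication key" },
    { 1, "Non-repudiation key" },   /* must stay hidden from the browser */
    { 2, "Encryption key" },
};
#define NSLOTS (sizeof slots / sizeof slots[0])

/* Hypothetical policy: hide by label. A real module would more likely
 * decide from the key's usage flags; that is an assumption here. */
static int slot_hidden(const char *label)
{
    return strstr(label, "Non-repudiation") != NULL;
}

/* Filtered enumeration following the C_GetSlotList two-call convention:
 * a NULL list returns the count, a short buffer reports the needed size.
 * Hidden slots are neither counted nor listed, so the caller never gets
 * an ID to hand to C_GetTokenInfo() or C_Login(). */
CK_RV filtered_get_slot_list(CK_SLOT_ID *list, CK_ULONG *count)
{
    CK_ULONG visible = 0, i, n = 0;

    if (count == NULL)
        return CKR_ARGUMENTS_BAD;
    for (i = 0; i < NSLOTS; i++)
        if (!slot_hidden(slots[i].label))
            visible++;
    if (list == NULL) {              /* size query */
        *count = visible;
        return CKR_OK;
    }
    if (*count < visible) {          /* caller's buffer is too small */
        *count = visible;
        return CKR_BUFFER_TOO_SMALL;
    }
    for (i = 0; i < NSLOTS; i++)
        if (!slot_hidden(slots[i].label))
            list[n++] = slots[i].id;
    *count = n;
    return CKR_OK;
}
```

This covers enumeration only: the same predicate would also have to reject a hidden slot ID in the other entry points that accept one, since a caller is not required to obtain IDs from the list.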