Antti S. Lankila wrote:
I used pkcs11-spy against opensc-pkcs11 to investigate the series of events that leads to the login with the non-repudiation signature. I would like to prevent this, as the key is simply too sensitive to be unlocked without the user's explicit intention of signing a contract, and then it will be unlocked by a wholly different module (opensc-signer).

As far as I can tell, Firefox calls C_GetSlotList(), which returns info for the slots available. It then iterates through the list of returned slots, which correspond to keys on a card, calling C_GetTokenInfo() for any tokens present, and eventually calls C_Login() for the keys in the list. At this point, the PINs have been asked for, so we need to intercept this codepath sometime before the C_Login() call.

Setec's Windows driver seems to work so that it completely hides the non-repudiation key from the list returned by its equivalent of C_GetSlotList, presenting only the signing key, so I believe OpenSC should do the same.

Disagree (at least as far as pkcs11 is concerned), as this would prevent
every application from using non-rep. keys, not just applications which
want to use a non-rep. key for authentication.
It's not the job of a pkcs11 library to decide which keys an application
should use; that's the job of the application using the pkcs11 library.

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
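
The reply's position, that key selection belongs in the application rather than in the PKCS#11 library, can be illustrated with the call sequence from the quoted message. This is an added example, not code from the thread, Firefox or OpenSC: `StubModule`, `login_for`, the token labels and the idea that the label reveals the key's purpose are all assumptions, and the method signatures are simplified.

```python
# Stub standing in for a PKCS#11 module. Method names follow the calls named
# in the thread; signatures are simplified and all data is constructed.
class StubModule:
    def __init__(self, tokens):
        self.tokens = tokens          # slot id -> token label (constructed)
        self.calls = []               # ordered record of (function, slot)

    def C_GetSlotList(self):
        self.calls.append(("C_GetSlotList", None))
        return sorted(self.tokens)

    def C_GetTokenInfo(self, slot):
        self.calls.append(("C_GetTokenInfo", slot))
        return {"label": self.tokens[slot]}

    def C_Login(self, slot, pin):
        self.calls.append(("C_Login", slot))


# Assumption: the application can tell a key's purpose from its token label.
NONREP_MARKER = "non-repudiation"


def login_for(module, purpose, ask_pin):
    """Log in only to slots matching the purpose; return the slots unlocked.

    purpose is "auth" (ordinary authentication) or "sign" (the user has
    explicitly asked to sign). The PIN prompt runs only for selected slots.
    """
    if purpose not in ("auth", "sign"):
        raise ValueError("unknown purpose: %r" % purpose)
    unlocked = []
    for slot in module.C_GetSlotList():
        label = module.C_GetTokenInfo(slot)["label"].lower()
        is_nonrep = NONREP_MARKER in label
        if is_nonrep != (purpose == "sign"):
            continue                  # wrong key for this purpose: no prompt
        module.C_Login(slot, ask_pin(slot))
        unlocked.append(slot)
    return unlocked


def demo():
    module = StubModule({0: "Card (authentication key)",
                         1: "Card (non-repudiation key)"})
    prompts = []
    ask = lambda slot: prompts.append(slot) or "0000"   # constructed PIN
    auth = login_for(module, "auth", ask)
    sign = login_for(module, "sign", ask)
    return auth, sign, prompts, module.calls
```

The library still lists both slots, so a signing application can reach the non-repudiation key, while the authentication path never prompts for its PIN.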