Nils Larsch wrote:
disagree, (at least as far as pkcs11 concerned) as this would prevent every application from using non-rep. keys not just application which want to use non-rep. key for authentication. It's not the job of a pkcs11 library to decide which keys an application should use, that's the job of the application using the pkcs11 library.
I'm completely browser-centric. To use your language, I believe that the browser security module opensc-pkcs11.so is the "application" which we are talking about. I am not talking about changing the generic library, such as libopensc2. I just want to make firefox/pkcs11 stop asking the nonrepudiation key, at least for FINEID cards, when it doesn't need this key. When it does this by default, any sane person pauses, pulls the card out of the reader, closes the browser and never touches OpenSC again.
Is there some flag opensc-pkcs11.so could return to Firefox, to prevent Firefox from unlocking that key by default? If not, I see no alternative but stop reporting that key to the browser.
-- Antti _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
