Martin Paljak wrote:
We have pinpad readers these days. Check http://www.opensc-project.org/opensc/wiki/PinpadReaders
Thanks for the info. Now if only these card readers had a way of showing what they are about to sign, so that the user doesn't even need to trust OpenSC. I wonder, will they integrate LCD displays? ;-)
To load opensc module so that firefox would not ask PIN codes every time it wants to read a certificate, use the 'friendly' bit for the module (either NSS modutil or load the opensc-pkcs11 module via a web interface supporting this, like http://www.opensc-project.org/ideelabor/wiki/VeebisAutentimineMozillaga)
I can't read estonian, but if this is about caching the PIN on persistent storage, it is more or less the exact opposite of what I want. The problem is not that the browser asks for the PIN code. (In fact, it is a feature. I would argue that taking steps to make it easier to have user's identity stolen is self-defeating.)
The real problem is that the nonrepudiation key on FINEID cards should remain locked unless it is required by the signer module for the one-time purpose of signing a message. The user's model for the smartcard is that the first key is for authentication and the second is for digital signatures, so asking the PIN for the second key outside digital signature context is not acceptable.
-- Antti _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
