Hi Iain,
Except that there is also an admin PIN for the MCardApplet, and that's
actually sometimes referred to as a transport key. The default value for
that is 0x4D7573636C653030, but it gets changed when the applet is
personalised. Both PINs also get assigned numbers of attempts before
they get locked, and both have unlock keys (PUKs) too.
hmm, ok, so we need tools to set and change those.
I suppose all of that could be "pushed down" when we layer OpenSC on
top - making the MCardApplet's user PIN be the "transport key" for
OpenSC...
if it is needed to initialize, change and format the card, but can't
be used for anything else (i.e. not used to change the user pin, use
keys or stuff like that), I would call it a transport key.
If it can be used to change the user pin, or even to us a key, it
should be called the security officer pin.
transport keys can be often left at default value - ok, if someone find
or steals your card he can erase it and reuse it, but since he can't
access the cards keys that is not a big deal. security officer pins on
the other hand are very important and must be changed to a secret value.
Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
