Hi Max, Douglas forwarded your mail to several lists to me. could you please do me a favor and forward this response to those lists as well? (I'm not subscribed to them ...) Thanks!
I have two comments: first) opensc does not use libp11 (but libp11 can use opensc or any other pkcs#11 module). the only two projects using libp11 are pam_p11 and engine_pkcs11 as far as I know. second) pam_p11 does not generate keys. I fail to find any user of the function you mentioned in both - libp11 or engine_pkcs11 source code. so it is dead code as far as I'm concerned, not used by anyone. if you think otherwise, detailed info who uses that code and how is very welcome. the code in libp11 was submitted in 2003 to opensc and hasn't been much further developed since, but was only barely maintained so it compiled and could be used in pam_p11. By the way OpenSC has a config file entry to allow software key generation, which is used with "--split-key" option and on cards that can't generate keys themself (I think cryptoflex 8k is one of them). Since no such cards are common any more, the default was changed to false some weeks ago. Thanks for your help! Regards, Andreas _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
