Hi.

On 20.11.2009, at 11:18, Viktor TARASOV wrote:
>>> For now I propose this small patch to permit "generate_key" with
>>> pkcs11-tool.
>>>
>>
>> More universal (but not full and not good for future) patch is here:
>> http://www.opensc-project.org/pipermail/opensc-devel/2009-November/012863.html
>>
>
> What for there are two PIN cache systems?
> Why do not use the unique one?

There used to be 3 places for PIN caching: PKCS#11, Tokend, pkcs15init/keycache.c.
Two have been reduced to one (PKCS#11 and Tokend). I'm in the process of fixing the third option as well. But it tries to handle more things than just PIN caching, like transport keys.

> As for me, the 'p15card->pin_cache[]' system is more attractive.
> Somebody have the reasons for the other or for the both ?

There's another option: take the part that deals with PIN codes in keycache.c and make it use libopensc PIN cache and leave the keycache.c in pkcs15init?

The old "bridge" that currently is left commented out, as said in the commit message of changeset 3784, is at
http://www.opensc-project.org/opensc/browser/trunk/src/pkcs11/framework-pkcs15.c#L3070

The simplest and shortest way is to re-implement that piece. But it still leaves two issues:
1) no way of using a pinpad for initialization
2) separate copies of PIN values without much control (which was the original reason of consolidation, based on a security audit)

Martin
--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495

_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
