On Thu, 3 Dec 2009 13:38:43 +0300 "Aktiv Co. Aleksey Samsonov" <samso...@guardant.ru> wrote:
> > What are the cards support it? (sc_pkcs15_unblock_pin with "puk" is > CKU_SO and "newpin" is pPin) How many of them from the total number > working in OpenSC? > > Alternative sheme: > Reimplement "reset_retry_counter" or "pin_cmd -> SC_PIN_CMD_UNBLOCK" > that it no use "puk" and "newpin", it merely send apdu with ref_unblock_pin. > At that time C_Login(..., CKU_SO, ...); C_InitPIN(..., "", 0) -> > sc_pkcs15_unblock_pin(..., NULL, 0, "", 0); > But, I don't like misuse of C_InitPIN concept. I think we might have a language barrier here as I'm not quite following what you're trying to say. The basic problem is that none of my PKCS#15 cards have an object for the PUK (and from what I can tell the PKCS#15 standard doesn't require them to). This means that we cannot do a C_Login with the PUK beforehand (as we cannot figure out the reference of the PUK for the VERIFY operation). My patch hacks around this limitation by caching the PUK and sending it with the RESET RETRY COUNTER operation, where the reference number of the PUK isn't needed. As for which cards will support this, it should be the same set as those "pkcs15-tool --unblock-pin" supports as it should work in the same way. Rgds -- Pierre Ossman OpenSource-based Thin Client Technology System Developer Telephone: +46-13-21 46 00 Cendio AB Web: http://www.cendio.com
signature.asc
Description: PGP signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
