Pierre Ossman wrote: > On Thu, 03 Dec 2009 14:57:34 +0100 > Viktor TARASOV <viktor.tara...@opentrust.com> wrote: > > >> Another possible, 'alternative to alternative' scheme is to use C_SetPin() >> in the specific context (after C_Login(CKU_SPECIFIC_CONTEXT)). >> >> So, in CKU_USER_PIN context C_SetPin() is used to change user PIN, >> in CKU_CONTEXT_SPECIFIC it's used to unblock user PIN. >> >> Afais, CKU_CONTEXT_SPECIFIC is not actually used. >> >> > > The problem here is that this is not something that's specified in the > standard, and it's not the system existing implementations use. > > I think that as far as the interface goes, C_Login(CKU_SO) followed by > C_InitPin() is set in stone as we want to be compatible with what's > already out there. >
In fact, reading the pkcs11.v2.20 pp 116: C_SetPIN modifies the PIN of the user that is currently logged in, or the CKU_USER PIN if the session is not logged in. So, C_Login(CKU_SO) + C_InitPIN() is not the only PIN unblocking scheme. > Rgds > -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
