On Thu, 03 Dec 2009 16:57:55 +0100 Viktor TARASOV <viktor.tara...@opentrust.com> wrote:
> > In fact, reading the pkcs11.v2.20 pp 116: > > C_SetPIN modifies the PIN of the user that is currently logged in, or > the CKU_USER PIN if the session is not logged in. > > So, C_Login(CKU_SO) + C_InitPIN() is not the only PIN unblocking scheme. > But C_SetPIN requires knowledge of the existing PIN, which the user most likely doesn't have if they've managed to lock themselves out. And even if they know the correct PIN, how would OpenSC go about verifying this since the card will refuse to validate the PIN now that it is locked? Rgds -- Pierre Ossman OpenSource-based Thin Client Technology System Developer Telephone: +46-13-21 46 00 Cendio AB Web: http://www.cendio.com
signature.asc
Description: PGP signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
