On Thu, 03 Dec 2009 16:57:55 +0100
Viktor TARASOV <viktor.tara...@opentrust.com> wrote:

> 
> In fact, reading the pkcs11.v2.20 pp 116:
> 
> C_SetPIN modifies the PIN of the user that is currently logged in, or 
> the CKU_USER PIN if the session is not logged in.
> 
> So, C_Login(CKU_SO) + C_InitPIN() is not the only PIN unblocking scheme.
> 

But C_SetPIN requires knowledge of the existing PIN, which the user
most likely doesn't have if they've managed to lock themselves out.

And even if they know the correct PIN, how would OpenSC go about
verifying this since the card will refuse to validate the PIN now that
it is locked?

Rgds
-- 
Pierre Ossman            OpenSource-based Thin Client Technology
System Developer         Telephone: +46-13-21 46 00
Cendio AB                Web: http://www.cendio.com

Attachment: signature.asc
Description: PGP signature

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to