On Jan 28, 2010, at 15:05 , Viktor TARASOV wrote: > By the way, afaiu, nonrepudiation key presume existence of something > like 'Sign PIN'. > If so, how do you expose this PIN to PKCS#11? What do you mean with a "Sign PIN" ? eID-s often have two PIN-s - one for authentication, one for signatures. Signature keys have the non-repudiation bit set and in PKCS#15 terms, user consent is required. User consent keys/certificates get the CKA_ALWAYS_AUTHENTICATE flag in OpenSC and the cryptoki application needs to deal with GUI requirements if there are any.
> > Sorry, I've not understood -- do you vote for enabling 'User PUK Slot' > by default? There's a point in having a PKCS#11 for Firefox and one for everything else. I'm not yet sure what should be the default for the "normal" module. -- Martin Paljak http://martin.paljak.pri.ee +3725156495 _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
