Martin Paljak wrote: > On Jan 28, 2010, at 15:05 , Viktor TARASOV wrote: > >> By the way, afaiu, nonrepudiation key presume existence of something >> like 'Sign PIN'. >> If so, how do you expose this PIN to PKCS#11? >> > What do you mean with a "Sign PIN" ? eID-s often have two PIN-s - one for > authentication, one for signatures. Signature keys have the non-repudiation > bit set and in PKCS#15 terms, user consent is required. User consent > keys/certificates get the CKA_ALWAYS_AUTHENTICATE flag in OpenSC and the > cryptoki application needs to deal with GUI requirements if there are any. >
I see, thank you. > > >> Sorry, I've not understood -- do you vote for enabling 'User PUK Slot' >> by default? >> > > There's a point in having a PKCS#11 for Firefox and one for everything else. > I'm not yet sure what should be the default for the "normal" module. > Ok, for a while, I'll commit proposal from Andreas. -- Viktor Tarasov <[email protected]> _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
