Am Donnerstag 04 Februar 2010 07:42:52 schrieb Martin Paljak: > On Feb 4, 2010, at 08:33 , [email protected] wrote: > > Revision: 3994 > > Author: aj > > Date: 2010-02-04 06:33:33 +0000 (Thu, 04 Feb 2010) > > > > Log Message: > > ----------- > > fold ui.c/h into pkcs15-init. > > Shouldn't this code be put into util.c and used by pkcs15-tool and > pkcs15-crypto and friends ?
they call getpass directly. and honestly: I think it is better to remove all the abstractions and indirections, rather than blow up the code and use complex and hard to debug code everywhere. I haven't figured out yet, why we need to have a system with callbacks to ask for passwords in pkcs15-init. if it could go away, that would be preferable from my point of view. but I guess the current code does not allow to find out which PIN would be required for some action, before that action is called. so the code can either try and see what happends, or use call-backs. and maybe some code does part of the changes before realizing that additional PINs are needed, and would maybe leave behind incomplete data if it was aborted. for example (not 100% opensc, but we might have something like this): the swissign version of cardos had the DF for certificates unprotected so you can create new cert files and store their content without entering a pin. but the certificate directory file is SO-PIN protected so to enter the details for the new certificate into that file you need to SO-PIN. No idea if opensc has issues like that, but maybe (feedback how our profiles are setup is very welcome!). anyway, the other files in tools/ don't use the callback mechanism as far as I can see, thus they don't need the complex code from ui.c / pkcs15-init.c. Regards, Andreas _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
