Am Mittwoch 24 Februar 2010 10:19:29 schrieb Martin Paljak: ... > > do we have a web page documenting the differences > > between opensc-pkcs11.so and oneping-opensc-pkcs11.so, > > and can we link to that? I guess most normal users > > will be fine with opensc-pkcs11.so? > > No. It should be documented on > http://www.opensc-project.org/opensc/wiki/PKCS11. > > The difference is the number of objects exposed to the application. > > opensc-pkcs11.so exposes all PINs, all keys and certificates. This can a) > take a long time (if you need to read all certificates off the card) b) > make applications behave in an annoying way (like Firefox, which will ask > you the PINs of all slots before selecting a ceritificate) > > > onepin-opensc-pkcs11.so exposes only a single slot and single pin code with > probably a single ceritificate. With EU eID cards it would be the > authentication certificate which most applications that deal with > authentication anyway use. > > It could be also taken as a "security feature" if you don't expose your > non-repudiation key accidentally to an application that might mis-use it > somehow. > > I'll try to figure out a more helpful explanation
ok, thanks. so "onepin" opensc-pkcs11.so has nothing to do with "onepin" option in pkcs#11 profile? maybe then we should have different terms for each. Regards, Andreas _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
