Martin Paljak wrote: > On Mar 1, 2010, at 10:59 , Viktor TARASOV wrote: > >> Hi, >> >> do somebody uses the card profiles with the 'pin-domains' activated? >> Will you have any objections against the idea to abandon the support of >> the 'pin-domains' in pkcs15init ? >> >> Actually only one card driver cflex (and cyberflex), one of the first >> drivers, implements it . >> Afaik, for a long time these cards are not more produced. >> It's not going about the total elimination of the 'flex' card support, >> but about the support with one 'pin-domain', >> like the others card drivers do. >> >> Imho, the support of 'pin-domains' is an non-justified burden for the >> pkcs15init core . >> >> Alternative to 'pin-domains' is the multi-pkcs15-applications, which the >> implementation can be considered. >> > PKCS#15 does not talk about PIN domains, so the implementation should be > implemented in the card specific driver. Do you have any pointers do docs? >
I have no special docs, but, every card that supports the local PINs (I guess, practically, all the cards), can be used with the 'pin-domains'. It can be, but nobody (excepted 'flex') use it. > At the same time, the way I see it, it would break (multiple, all?) PINs on > Cryptoflex, which is a good working driver? > All my respects to this driver, the ancestor of many current drivers. It took me a certain time to get know how it works. Yes, it will break multiple PINs for 'flex' cards -- for this card only two local PINs per DF are possibles. But, does the multiple PINs functionality is really asked for (for this card)? > I have a cryptoflex, so I can help testing. Probably the only source for PIN > domains and the way it is implemented would be cryptoflex doc? > From the source I see: > /* Some cards need to keep all their PINs in separate directories. > * Create a subdirectory now, and put the pin into > * this subdirectory > */ > > At the same time, I was not able to delete cryptoflex with current trunk, it > seems that it tries to cache as a PIN the transport keys and crashes. Will > investigate. > Sorry, it's currently broken for this card. I've noticed that I have tested it with the unprotected profile. That's why these questions. Kind wishes, Viktor. -- Viktor Tarasov <[email protected]> _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
