Andreas Jellinghaus wrote: > Am Dienstag 02 März 2010 10:50:08 schrieb [email protected]: > >> pkcs15init asepcos: fixup initialisation with protected profile >> >> ; new, athena dedicated, PIN pkcs15 flag 'TRANSPORT_KEY': >> in the Athena initialization procedure the 'trasport' SOPIN object is used. >> This object references to the pre-existing global SOPIN and is different >> from the final SOPIN of the card. This object should be ignored when >> fixing up the ACLs of the newly created file; >> >> ; the pkcs15 refereces of the new private keys are derived from the >> file-id; >> > > is this "transport key" different from the transport key used to initialize > (and erase) cryptoflex cards? >
In cryptoflex card the transport key uses 'AUT' authentication mechanism. xPIN uses the 'CHV' mechanism. These two mechanisms is differentiated at the ACLs level; 'Verify Key' command used for the first one and 'Verify PIN' for the second. In the athena card the 'transport key' uses the CHV mechanism. Probably 'transport key' nomination is not precise, it should be renamed into 'transport pin' . Finally, it's not a definitive -- after our discussion about 'pin domains' I guess that it can be implemented without new PIN flag. > Regards, Andrea Kind wishes, Viktor. -- Viktor Tarasov <[email protected]> _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
