Viktor TARASOV wrote: > Martin Paljak wrote: > >> On Mar 3, 2010, at 12:01 , Andreas Jellinghaus wrote: >> >> >>> but if we end up saying "users of cryptoflex cards initialized with >>> opensc 0.11.* or earlier need to stay at that version and not update >>> to 0.12" we have a problem - few people will like that. even if not >>> so many people are affected, it is still bad publicity and will >>> give bug reports again and again (nobody reads FAQs and release notes). >>> >>> >> There has been the discussion of adding the version string of OpenSC to the >> card, so that it could be checked with. >> If that is implemented, we can add a warning to pkcs15-init. >> >> I have not followed the full code path for the PIN domain stuff, can't it be >> implemented in flex driver somehow? >> >> > > I will look it over. >
By the way, it seems that 'pin domain' was never working for certificates, and do not works for public keys starting from r1541. For these objects the profile ACLs (that contain '$PIN') are silently ignored and objects are stored in the application DF (not in the 'pin-domain') with all ACLs set to 'NONE' . In fact, when fixing up the ACLs for a new file, if symbolic PIN cannot be resolved, the ACLs are set to 'NONE'. (In the current trunk there is no silent actions, at least it's my intention). 'Pin domain' works for private keys and private data. Any objections if, for certificate and public key, I leave it like this ? > Regards, > Viktor -- Viktor Tarasov <[email protected]> _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
