Hello,

On Sep 12, 2010, at 7:46 PM, Peter Koch wrote:
> pkcs15-tcos.c has not been modified for a long time (except some
> minor cosmetic changes). So something else must have changed.
Correct.


> I just did a quick "grep LOGIN_REQUIRED *.c" and it seems that only
> the WestCOS and OpenPGP emulations set LOGIN_REQUIRED
> while all other emulation-routines don't.

CKF_LOGIN_REQUIRED from PKCS#11 (which is the flag missing in the 0.12 version 
for TCOS card) does not map 1:1 to TokenInfo.flags->loginRequired.

(From PKCS#15):
"""
TokenInfo.tokenflags: This field contains information about the token per se. 
Flags include: ... if login (i.e. authentication) is required before accessing 
any data, ...
"""
So in PKCS#11 terms it is maybe more similar to CKA_PRIVATE, because:

(From PKCS#11):
"""
Applications are not required to log into the token to view “public objects”; 
however, to view “private objects”, a user must be authenticated to the token 
by a PIN or some other token-dependent method (for example, a biometric device).
"""
"""
CKF_LOGIN_REQUIRED: True if there are some cryptographic functions that a user 
must be logged in to perform
"""

Further, CKF_LOGIN_REQUIRED is not set based on the existence of 
SC_PKCS15_CARD_FLAG_LOGIN_REQUIRED, but if the tokens are arranged so that a 
slot will contain an authentication object [1].


> If LOGIN_REQUIRED must now be set from within the emulation-routine
> and if that was not necessary before then the LOGIN_REQUIRED flag
> will be now missing for every card that has a pkcs15-emulation (except
> WestCOS and OpenPGP).
No, it should not be touched, the root cause should be identified instead. 
Mapping of objects is probably the culprit.


[1] http://www.opensc-project.org/opensc/browser/trunk/src/pkcs11/framework-pkcs15.c#L798
-- 
Martin Paljak
@martinpaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel