Hi,

> -----Original Message-----
> From: Viktor TARASOV
> 
> Hi,
> 
> Aventra development wrote:
> >
> > Here is a small patch that modifies the MyEID profile. This profile
> > now initializes the cards like we want them (users are of course free
> > to modify the profile to get cards like they want, but we think this
> > should be the default).
> >
> > I suppose the ACL for card initialization (clearing card) is not
> > desired to be NONE and therefore we undefined the
> > KEEP_AC_NONE_FOR_INIT_APPLET, and you can anyway set it to anything
> > you like by configuring the profile.
> >
> Your patch does not work for me when applied to trunk.
> 
> The reasons are:
> - actual implementation of pkcs15init needs to verify 'DELETE' acl of the
> PKCS15-AppDF when doing 'create object' operations. So, you have to set it to
> 'NONE' or 'User PIN';
> 
> - take into account my mail
> http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014865.html
> illustrated by diff from
> http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014867.html
> 
> In attachment there is a diff for myeid.profile (relative to trunk) that
> actually 'works for me'.

Thanks Viktor, your profile patch looks good. I did not test the patch I
posted against current trunk, instead I used snapshot from changeset 4707,
sorry about that.

> 
> > There is a downside with this configuration, pkcs15-init now asks many
> > times (5 times I think) for the USER PIN when it initializes the MyEID
> > card and creates the required files (it does not matter what you
> > enter, because it won’t be verified since the card is in creation state).
> >
> I propose you to use '--pin' argument for the 'pkcs15-init' command.
> 
> > Pkcs15-init creates the SO-PIN, but not the USER PIN. It would be nice
> > if pkcs15-init would create both PINs, since it is built to support
> > two PINs (User and SO). Currently we create the user pin after
> > initialization and finalize the card after that. If somebody knows how
> > to get rid of the unnecessary user PIN queries please apply fix or
> > help us do it.
> >
> 
> Pkcs15-init creates both PINs with this kind of command:
> #pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678" --so-puk "123456" --pin "9999" --puk "8888" -F
>
Great, this makes the initialization much nicer.
 
> #pkcs15-tool --list-pins
> Using reader with a card: OmniKey CardMan 3121 00 00
> PIN [Security Officer PIN]
>     Object Flags : [0x3], private, modifiable
>     ID : ff
>     Flags : [0xB0], initialized, needs-padding, soPin
>     Length : min_len:4, max_len:8, stored_len:8
>     Pad char : 0xFF
>     Reference : 3
>     Type : ascii-numeric
>     Path :
>
> PIN [IDX-SCM]
>     Object Flags : [0x3], private, modifiable
>     ID : 53434d
>     Flags : [0x30], initialized, needs-padding
>     Length : min_len:4, max_len:8, stored_len:8
>     Pad char : 0xFF
>     Reference : 1
>     Type : ascii-numeric
>     Path :
> 
> > Please apply this small patch, thanks!
> >
> > Kind regards,
> >
> > Toni
> >
> 
> Kind wishes,
> viktor.

Best wishes,
Toni
 
> 
> > _______________________________________________
> > opensc-devel mailing list
> > opensc-devel@lists.opensc-project.org
> > http://www.opensc-project.org/mailman/listinfo/opensc-devel
