On Mon, 2010-11-01 at 15:44 +0000, Mr Dash Four wrote:
> > No. It forces a login, if -l is specified (even if login is NOT required).
> >   
> Right, so I presume if I want to see whether a login is required I still 
> have to use "pkcs11-tool -O" and check whether the object I am 
> interested in is shown (and its 'private' flag is set). Is there another 
> (more straight-forward) alternative to that?

Maybe there is one. Since you are looking for a specific object, you
have to store the ID somewhere and search for it at execution time.
Probably you can store the information on login requirement too. 

> The reason I am after this is because the 'prompt' won't be handled by 
> pkcs11-tool itself, but by another application, which displays a window 
> prompt (if in graphics mode) or just uses a message prompt similar to 
> pkcs11-tool (if in text mode), hence why I need to know in advance 
> whether login is required before executing pkcs11-tool.

Handling of private objects is defined in [1]:
* table 6 at page 22 and
* page 137 [2]


[1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf

[2] Quotation from PKCS#11 v2.20:
"The object search operation will only find objects that the session can
view. For example, an object search in an "R/W Public Session" will not
find any private objects (even if one of the attributes in the search
template specifies that the search is for private objects)."


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
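
The check discussed in this message (is the object shown by "pkcs11-tool -O" when no login is done?), as an added example that is not part of the original mail or of OpenSC. The function names are hypothetical, and the listing is a constructed sample that assumes one unindented header line per object followed by indented attribute lines such as "ID:".

```shell
#!/bin/sh
# Added example: decide from a listing taken WITHOUT login (a public
# session) whether a given object is visible. Per the PKCS#11 quotation,
# private objects never appear in such a listing.

# Constructed sample listing (assumed layout, not captured from a token).
PUBLIC_LISTING='Public Key Object; RSA 2048 bits
  label:      signing key
  ID:         45
  Usage:      verify
Certificate Object; type = X.509 cert
  label:      signing cert
  ID:         45
Data object 1
  label:      notes
'

# object_visible LISTING TYPE_PREFIX ID
# Exit 0 if an object whose header starts with TYPE_PREFIX and whose ID
# equals ID is present in LISTING, 1 otherwise. The type must be matched
# as well as the ID, because a certificate, public key and private key of
# one key pair commonly share the same ID.
object_visible() {
    printf '%s\n' "$1" | awk -v type="$2" -v id="$3" '
        /^[^ \t]/ { in_type = (index($0, type) == 1) }   # new object header
        in_type && $1 == "ID:" && ($2 "") == (id "") { found = 1 }
        END { exit !found }'
}

# login_needed LISTING TYPE_PREFIX ID
# Prints "no" when the object is visible without login. Otherwise prints
# "yes-or-missing": a public session cannot tell a private object from an
# absent one, which is why the reply suggests storing that fact with the ID.
login_needed() {
    if object_visible "$1" "$2" "$3"; then
        echo no
    else
        echo yes-or-missing
    fi
}

# The private key with ID 45 is not listed, although its public key is.
login_needed "$PUBLIC_LISTING" "Private Key Object" 45
```

In real use the first argument would be the output of "pkcs11-tool -O" run without -l, after confirming that the installed version prints the layout assumed here.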
