On Mon, 2010-11-01 at 15:44 +0000, Mr Dash Four wrote: > > No. It forces a login, if -l is specified (even if login is NOT required). > > > Right, so I presume if I want to see whether a login is required I still > have to use "pkcs11-tool -O" and check whether the object I am > interested in is shown (and its 'private' flag is set). Is there another > (more straight-forward) alternative to that?
Maybe there is one. Since you are looking for a specific object, you have to store the ID somewhere and searching for it at execution time. Probably you can store the information on login requirement too. > The reason I am after this is because the 'prompt' won't be handled by > pkcs11-tool itself, but by another application, which displays a window > prompt (if in graphics mode) or just uses a message prompt similar to > pkcs11-tool (if in text mode), hence why I need to know in advance > whether login is required before executing pkcs11-tool. Handling of private objects is defined in [1]: * table 6 at page 22 and * page 137 [2] [1] ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf [2] Quotation from PKCS#11 v2.20: "The object search operation will only find objects that the session can view. For example, an object search in an "R/W Public Session" will not find any private objects (even if one of the attributes in the search template specifies that the search is for private objects)." _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel