> It's completely hidden, for sure. Without login, you can't decide if
> there are private objects on the token or not.
>   
True, after testing it earlier there is nothing there to see - it is as 
if the token does not exist (rightly so, I think).


>> I have to think about what other/better alternatives I have as executing 
>> "pkcs11-tool -O" and filtering the output seems to me a bit clumsy.
>>     
>
> You could write public readable meta data to the token. I.e. an object
> where all the IDs of private objects are stored. But this requires
> synchronisation on every create/delete operation.
>   
Actually, having thought about it again, I think it makes sense that 
without proper authorisation there shouldn't even be a hint that this 
object exists. In which case I will have to implement just two modes - 
'public' or 'private' - and leave it at that.

As an aside question: when I create a data token I could specify 
"--auth-id" (I normally choose "--auth-id=01" if I need that data token 
to be private), which, to me, implies that I could register more than 
one "auth-id".

Is that the case? Could I register, say, five auth-ids, and then select 
a different one for each token I create on the card? Is that possible or 
am I missing something? Is this auth-id just a template number as is the 
case with the certificates/private keys?

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
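An added example, not from this thread, of the "run pkcs11-tool -O and filter the output" approach discussed above, in Python: it parses two constructed listings, one taken without login and one after login, and treats objects that only appear once logged in as private, cross-checking against the "private" flag. The listing layout and the flag wording are assumptions about pkcs11-tool's output format.

```python
import re

# Constructed sample in the shape of `pkcs11-tool -O` output (assumed layout:
# a "Data object <handle>" header followed by indented "key: value" lines).
LISTING_NO_LOGIN = """\
Data object 3
  label:          'app-config'
  application:    'demo-app'
  app_id:         <empty>
  flags:          modifiable
"""

# Constructed sample of the same token listed after login (`pkcs11-tool -O -l`):
# the private object is only visible in an authenticated session.
LISTING_LOGGED_IN = LISTING_NO_LOGIN + """\
Data object 4
  label:          'app-secret'
  application:    'demo-app'
  app_id:         <empty>
  flags:          modifiable private
"""

HEADER = re.compile(r"^Data object (\d+)\s*$")
ATTR = re.compile(r"^\s+(\w+):\s+(.*?)\s*$")


def parse_data_objects(listing):
    """Turn pkcs11-tool -O text into {label: attributes}. Objects are keyed by
    label, not handle, because object handles are only valid per session."""
    objects, current = {}, None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"handle": int(m.group(1))}
            continue
        m = ATTR.match(line)
        if m and current is not None:
            key, value = m.group(1), m.group(2).strip("'")
            current[key] = value
            if key == "label":
                objects[value] = current
    return objects


def classify(listing_no_login, listing_logged_in):
    """Return (public_labels, private_labels): an object that is absent from
    the anonymous listing but present after login is private."""
    anon = parse_data_objects(listing_no_login)
    auth = parse_data_objects(listing_logged_in)
    public = sorted(label for label in auth if label in anon)
    private = sorted(label for label in auth if label not in anon)
    for label in private:  # cross-check against the flag the token reports
        if "private" not in auth[label].get("flags", "").split():
            raise ValueError(f"{label} is hidden without login but not flagged private")
    return public, private
```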
