> @ALL:
> The 'pkcs15-tool' should possibly be changed to output the raw data as
> its default. That would not be that strange, because the unix command
> 'cat' does exactly the same. Therefore users should be prepared for it.

That would be very wise!

> @MDF:
> Before making even more effort on storing data objects, you should
> definitely check if these objects are really private. My assumption is,
> they are not.

OK, prior to last night I had just one data object created with its private flag set (using "pkcs15-init -P --auth-id XX" - see one of my previous posts on this thread for details on how it was created). By the fact that I cannot see that object with pkcs11-tool and when I list it with "pkcs15-tool -D" (and see that its private flag is set) - though without logging in - I assume that the object is private, isn't that so?

Last night I created 2 additional data objects (one private with a bigger size - 1k instead of 256 bytes, and one public) to see how pkcs11-tool uses the private flag and to experiment a bit (a worthy exercise, as it turned out!). pkcs15-tool -D sees ALL data objects, though pkcs11-tool sees just the one which is 'public' (and which is stored in the 'mysterious' 3rd slot which appeared yesterday and I was wondering what the purpose of this slot is). When I use pkcs11-tool -lO (and log in properly) I also see ALL objects.

> $pkcs15-tool -C
> ...
> Path: 3f0050153303 (read 3f00/5015/3303)
> ...
> $opensc-explorer
> OpenSC [3F00]> cd 5015
> OpenSC [3F00/5015]> cat 3303
> ...
> File dump comes here, without pin verification !!!!!
> ...
> OpenSC [3F00/5015]> exit

I will try that out when I get home tonight and will let you know.

Two general questions:

1) To retrieve a data object (previously stored with "pkcs15-init -P" etc.) I use "pkcs11-tool -ry data --application-label XXX --slot YYY" (if this data object is public; if private I add the -l option as well), where YYY and XXX are specified/known in advance. Is this going to work on all cards supported by OpenCT?

2) Is the method of retrieval of data on this object the same regardless of the card used (i.e. executing pkcs11-tool with the above parameters and then either no PIN prompt if the object is public or a PIN prompt if the object has been stored with its --auth-id set)?

The reason I ask this is because I would like the module I am developing to work on (at least the majority of) cards which are (at least) supported on OpenCT.