On Fri, 2011-01-14 at 17:42 +0200, Aventra wrote: > Hi, > > > From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel- > > > Anybody can change the profile if they want to. We have defined a > default > > profile for MyEID that suits common cases. > > > > Just for the sake of curiosity, can you post here an example of > 'protected' > > profile for MyEID card? > > We don't have that kind of profile, but somebody could make one if they > like. > > > > > >> What do you think, will it be sufficient, during the card > initialization, > > >> to create all xDF files that have 'CREATE' protected by SOPIN ? > > > What I mean is that OpenSC would create the whole structure defined in > the > > > profile, regardless of the ACL:s. > > > I know that the driver can do this by itself, but why not implement it > to > > OpenSC so that it would work for all cards? > > Personally I have no objections, but we cannot take rapid decision for all > the > > cards. I don't know if actually somebody considers as useful > > to not create all xDFs (including rarely used DODF, SKDF, ). We'll be > waiting > > for the other opinions. > > > > What can be done easily is a new profile option "create-all-xDF". So that, > you > > will have the possibility to do what you want in a non-intrusive for the > other > > cards manner. > > > > Take also into consideration that all card profile are loaded after the > > general 'pkcs15.profile', where all xDF are defined. > > And so the list of xDFs to create is not completely controlled by the > card's > > profile. > > > OK, well then perhaps this should be implemented to the card driver. > > > > > > One thing it could do, is to check when initialization is done each of > the > > > known identifiers (PrKDF, PuKDF, CDF..), > > > if these have been defined in the profile, it would create them. > > > > > > One additional feature that is lacking from OpenSC is that it does not > > > create the PIN codes automatically (except the SO-PIN). > > Sorry I do not follow what you mean. > > I mean that currently when initializing a MyEID card you need to run the > following commands: > - pkcs15-init -C /* create structure */ > - pkcs15-init -P -a 1 /* create user pin */ > - pkcs15-init -F /* finalize (activate) card */
Looks like a simple shell script would be the right solution. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
