On 14.01.2011 16:42, Aventra wrote:
> Hi,
>
>> From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-
>>> Anybody can change the profile if they want to. We have defined a default
>>> profile for MyEID that suits common cases.
>> Just for the sake of curiosity, can you post here an example of 'protected'
>> profile for MyEID card?
> We don't have that kind of profile, but somebody could make one if they like.

I see.

>>>> What do you think, will it be sufficient, during the card initialization,
>>>> to create all xDF files that have 'CREATE' protected by SOPIN ?
>>> What I mean is that OpenSC would create the whole structure defined in the
>>> profile, regardless of the ACLs.
>>> I know that the driver can do this by itself, but why not implement it to
>>> OpenSC so that it would work for all cards?
>> Personally I have no objections, but we cannot take a rapid decision for all
>> the cards. I don't know if actually somebody considers as useful
>> to not create all xDFs (including rarely used DODF, SKDF, ). We'll be
>> waiting for the other opinions.
>>
>> What can be done easily is a new profile option "create-all-xDF". So that,
>> you will have the possibility to do what you want in a manner that is
>> non-intrusive for the other cards.
>>
>> Take also into consideration that all card profiles are loaded after the
>> general 'pkcs15.profile', where all xDF are defined.
>> And so the list of xDFs to create is not completely controlled by the card's
>> profile.
>>
> OK, well then perhaps this should be implemented to the card driver.

Why not. It's the most rapid and un-intrusive solution.

>>> One thing it could do, is to check when initialization is done each of the
>>> known identifiers (PrKDF, PuKDF, CDF..),
>>> if these have been defined in the profile, it would create them.
>>>
>>> One additional feature that is lacking from OpenSC is that it does not
>>> create the PIN codes automatically (except the SO-PIN).
>> Sorry I do not follow what you mean.
> I mean that currently when initializing a MyEID card you need to run the
> following commands:
> - pkcs15-init -C /* create structure */
> - pkcs15-init -P -a 1 /* create user pin */
> - pkcs15-init -F /* finalize (activate) card */
>
> The first command actually asks for the User PIN but does not create it. It
> would be nice if it would create it.
> I have no experience with other cards, so don't know if the User PIN is
> created using the first command or not.
>
> It's not a big issue, but still, it's one extra step you need to know when
> initializing cards.

You can join all these commands in one. That's what I'm using to re-initialize MyEID card:

# pkcs15-init -E
# pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678" --so-puk "123456" --pin "9999" --puk "8888" -F

If you look into the source of pkcs15-init tool, you will see the execution order of the actions
http://www.opensc-project.org/opensc/browser/trunk/src/tools/pkcs15-init.c#L263
'finalize' is called at the end of all the 'creative' actions.

> Kind regards,
> Toni

Kind wishes,
Viktor.