Hello, On Jan 27, 2011, at 8:08 PM, Andre Zepezauer wrote: > some comments on r5124: > > 1. The values of pin_info->reference and prkey_info->key_reference > shouldn't be compared because: > > * pin_info->reference is used as P2 parameter in VERIFY command > * prkey_info->key_reference is used in MSE SET tag 0x84 > > There is no relation between these two values. See PKCS#15 for the > meaning of these attributes and attachment for another solution.
OK, needs a further investigation (during weekend or so..). I only recovered the functionality as it was before r4048, as the feature used to work. Maybe It was because an accidental side-effect. > 2. The Authentication-Objects can have two authId attributes because: > > * they can protect objects (this is > CommonAuthenticationObjectAttributes->authId) > * they could be protected by another PIN i.e. for unblocking purpose > (this is CommonObjectAttributes->authId) > > 3. User consent for PIN objects does make sense i.e. for unblocking purpose That's theoretical, to my knowledge this far user consent related bits have been used for digital signature keys only. > 4. There is also a ticket relating to pin re-validation (#293). That was probably the result of the same change. -- @MartinPaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
