On 25/04/2011 14:33, jons...@terra.es wrote: > > I can figure out at least these different popups: [...] > 7 - "You'are about to emit a digital signature. Please confirm operation" And, anyway, you expose yourself to malicious apps that ask for a crypto pin and use it to sign a document... As long as we haven't cards with a display that can give feedback to the user about the requested op *as seen by the card*, we can't do much about that, unless using different pins for different ops. But how many users would really remember at least two (encode/decode and sign) different PINs? And what about a malicious app that says you're about to sign what you actually asked to sign and in reality submits a different document to the card?
BYtE, Diego. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel