Hello Nikos,

just a few notes.

The pkcs#11 standard addresses cryptographic devices in general, not only 
smart-cards which might (or might not) have a single slot.
Cryptographic devices such as HSMs are capable of supporting many many 
slots. Slots can also be added and removed at will.

They're used, for example, in multi-user remote signatures where you 
set up a server, connect it to a device, and have thousands (even 
millions sometimes) of users remotely operate the device.

Typically each user has a slot assigned which is protected with its own pin.

The correct way to locate a particular user key is for the application 
to query by token name (returned by C_GetTokenInfo), but this might 
require a lookup that is beyond the capability of the engine.

The slot_index is probably a less strong, yet still suitable way of 
locating the user's key.

The slot_id is definitely not the way, as the application could break for 
apparently no reason just because the administrator upgraded the device 
back end software and the new implementation of pkcs#11 assigns 
different slot_ids.

Giulio.






On 10/05/2011 9.19, Nikos Mavrogiannopoulos wrote:
> On Mon, May 9, 2011 at 9:53 PM, Alon Bar-Lev<alon.bar...@gmail.com>  wrote:
>> This is a matter of interpretation.
>> Either is not constant and user is not supposed to know of.
>> Apart from the special case of having a single slot, so you expect 0 I presume.
>> You can check which slot is what simply by using:
>> pkcs11-tool --list-slots --module /usr/lib/pkcs11/....
> To me slots and slot ids shouldn't be included in any APIs or
> user interfaces involving PKCS #11. They do not make sense
> to end-user or even the application itself. In gnutls we have
> "p11tool" that does operations on PKCS #11 cards without
> any knowledge of slots.
>
> regards,
> Nikos


-- 

Giuliano Bertoletti
Pre-Sales Engineer - Technological Dept.

Symbolic S.p.A.
Viale Mentana, 29 I-43121 - Parma

Tel. +39 0521 708811
Mob. +39 346 8749890
Fax  +39 0521 776190
g...@symbolic.it
www.symbolic.it

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
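
The lookup by token name described in the message above, as an added example that is not code from the thread or from OpenSC. The `SLOT` struct, the helper names and the sample labels are hypothetical stand-ins; a real program takes the slot list from C_GetSlotList and the blank-padded 32-byte label from C_GetTokenInfo.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for CK_SLOT_ID and the label field of CK_TOKEN_INFO;
   a real program takes them from pkcs11.h and fills them via
   C_GetSlotList and C_GetTokenInfo. */
typedef unsigned long CK_SLOT_ID;
typedef struct { CK_SLOT_ID id; unsigned char label[32]; } SLOT;

/* Token labels are 32 bytes, blank-padded, not NUL-terminated. */
static int pad_label(const char *name, unsigned char out[32]) {
    size_t n = strlen(name);
    if (n > 32) return -1;
    memset(out, ' ', 32);
    memcpy(out, name, n);
    return 0;
}

/* 0 and *id set if exactly one token has the label; -1 if none;
   -2 if the label is too long or more than one token carries it. */
int find_slot_by_label(const SLOT *s, size_t n, const char *name, CK_SLOT_ID *id) {
    unsigned char want[32];
    size_t hits = 0, at = 0;
    if (pad_label(name, want) != 0) return -2;
    for (size_t i = 0; i < n; i++)
        if (memcmp(s[i].label, want, 32) == 0) { at = i; hits++; }
    if (hits != 1) return hits ? -2 : -1;
    *id = s[at].id;
    return 0;
}

static SLOT mk(CK_SLOT_ID id, const char *label) {
    SLOT s; s.id = id; pad_label(label, s.label); return s;
}

/* Constructed sample data: the same tokens before and after an upgrade
   that adds a slot and hands out different slot ids. */
size_t sample_before(SLOT o[4]) { o[0] = mk(0, "alice"); o[1] = mk(1, "bob"); return 2; }
size_t sample_after(SLOT o[4]) {
    o[0] = mk(100, "dave"); o[1] = mk(101, "alice"); o[2] = mk(102, "bob"); return 3;
}

int main(void) {
    SLOT s[4]; CK_SLOT_ID id = 0;
    size_t n = sample_before(s);
    if (find_slot_by_label(s, n, "bob", &id) == 0) printf("before: bob -> slot id %lu\n", id);
    n = sample_after(s);
    if (find_slot_by_label(s, n, "bob", &id) == 0) printf("after:  bob -> slot id %lu\n", id);
    return 0;
}
```

In the constructed data a stored slot id of 1, or a stored slot index of 1, no longer points at the same user's token after the change, while the label lookup still resolves it.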
