2011/8/3 NdK <ndk.cla...@gmail.com>:
> Then why I get *exactly* one slot per PIN (and in the slot name there's
> the label I associated with the PIN)? Maybe it's opensc-specific, but I
> doubt.

It must be that OpenSC is adding a slot for each application/PIN.
You should check this with someone/Martin, but I'm pretty sure this is it.

> In 2.30 concurrent access is explained quite well. Both multitasking and
> multithreading -wise.

...tell me when developing :P
We have thread support+lock+transactions to avoid process interference, but all this was "happily" superseded when logical channels arrived at 7816-4 (which our card doesn't support either).

> Should be this way. Experiments say otherwise.

OpenSC implements it another way, because PKCS#11 doesn't include multiple PIN/virtual slot applications (Annex D? E? ... was removed, and talked about this; check version 2.0 or earlier).

> I do. And they're named after the labels I gave to my PINs.

Did you read the example I gave you to understand what happened? OpenSC must be doing it like this.

> You'd have to select the app before. IIUC you can't switch app while
> card is in use (well, you can but it's like disconnecting a card and
> inserting a new one, with its own ATR).
> Discovering which apps are available on a card is another issue. But if I
> need PKCS15, i select app
> "A000000003000000" 'just to be sure'.

Absolutely wrong: consider applications as directories. One of them can be protected for reading, another for writing, or even "public". Your app could need to go through some of them and your card will not be disconnected at all.

PCSC common operation sum up:
-establish context (get access to the pcsc service)
-connect (communicate with card...the ATR is received here, just once)
-begin transaction (lock for exclusive access)
-select 23 applications/DF, read 234232 EF...
-end transaction
-disconnect
-release context

What really happened here is that PKCS#15 helps a lot handling objects, but the interface is still #11, intended for Cryptoki operations and without virtual slots "defined".

If you want different certificates depending on which URL you are at, PKCS#11 doesn't range this, and then you are "out of standard".

If your application (Java) should use different certs (stored on different apps), then the simplest way is to connect to different PKCS#11 modules or slots.

That's why OpenSC will show a slot for each Application/PIN. It's a way of accepting virtual slots, allowing multiple applications and readers, and making the coding harder.

As always, any expert comment showing any mistake will be fine.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
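
The PC/SC sequence summed up in the message above, written out with Java's javax.smartcardio as an added example (not part of the original post and not OpenSC code). It assumes a PC/SC reader with a card inserted; the class name SelectApps is hypothetical and the AIDs to select are passed as hex on the command line.

```java
import javax.smartcardio.*;
import java.util.List;

public class SelectApps { // hypothetical class name
    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) throws CardException {
        if (args.length == 0) {
            System.err.println("usage: java SelectApps <AID-hex> [<AID-hex> ...]");
            return;
        }
        // Establish context: the JVM opens the PC/SC context behind TerminalFactory.
        List<CardTerminal> readers = TerminalFactory.getDefault().terminals().list();
        if (readers.isEmpty()) throw new CardException("no PC/SC reader found");

        // Connect: the ATR is read here, once for the whole session.
        Card card = readers.get(0).connect("*");
        System.out.println("ATR: " + toHex(card.getATR().getBytes()));

        card.beginExclusive(); // begin transaction (exclusive access)
        try {
            CardChannel ch = card.getBasicChannel();
            for (String aid : args) {
                // ISO 7816-4 SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00, data = AID
                ResponseAPDU r = ch.transmit(
                        new CommandAPDU(0x00, 0xA4, 0x04, 0x00, fromHex(aid)));
                System.out.printf("SELECT %s -> SW=%04X%n", aid, r.getSW());
            }
        } finally {
            card.endExclusive();    // end transaction
            card.disconnect(false); // disconnect; false = do not reset the card
        }
        // Release context: done implicitly when the JVM exits.
    }
}
```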