> >> My first suggestion is to set authId when parsing the contents of PrKDF.
> > Ok, for now that should work fine, although longer term a better solution
> > may be needed. Note that the AuthID may also be specified in terms of a
> > security environment, which makes things a lot more complicated... It's
> > probably best not to worry about that for now. (Would have to go from the
> > AuthReference -> SE info -> PIN reference -> EF.AOD -> AuthID - it's a
> > bit circular!)
>
> Agree -- not to worry for a while.
> Take also into consideration that for OpenSC pkcs#15 framework, as the
> base library for pkcs#11 and minidriver,
> it's only important the protection by 'PIN' authentication object.
> Other types (SM, Auth.Extern) are not used by pkcs#15 and upper levels
> (parsed, but not used).
> As it is currently implemented, these types of protections are resolved at
> the libopensc level.
>
> > I'll try and make the change for the parsing of the PrKDF.
>
> Fine.
>
> > Cheers,
> > Will
>
> Kind wishes,
> Viktor.
>
As discussed (see above), attached is a patch which sets the authID for a private key from the accessControlRules in the case where authID is not present, but a corresponding accessControlRule is.

In theory a better longer term solution is necessary (there may be different PINs per key operation), but in practice it may never be.

Cheers,
Will
0002-Scan-for-missing-private-key-auth_id-in-AccessContro.patch
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
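A simplified model of the fallback described in the message above, as an added example that is neither the attached patch nor OpenSC code: the struct, enum and function names are hypothetical stand-ins. It also reports the case the message flags, where the access rules name different PINs per key operation.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical, simplified stand-ins for PKCS#15 data; not OpenSC's types. */
#define MAX_ID_LEN 8
#define MAX_RULES  4
struct p15_id { unsigned char value[MAX_ID_LEN]; size_t len; };
struct access_rule { unsigned access_mode; struct p15_id auth_id; };
struct prkey_entry {
    struct p15_id auth_id;               /* authId; len == 0 means absent */
    struct access_rule rules[MAX_RULES]; /* accessControlRules */
    size_t n_rules;
};
enum fixup_result { AUTHID_PRESENT, AUTHID_FROM_RULE, AUTHID_AMBIGUOUS, AUTHID_NONE };

static int id_equal(const struct p15_id *a, const struct p15_id *b)
{
    return a->len == b->len && memcmp(a->value, b->value, a->len) == 0;
}

/* When authId is absent, adopt the auth ID of the first access rule that
 * carries one. AUTHID_AMBIGUOUS means the rules name different auth objects,
 * so a single auth_id cannot express per-operation PINs. */
enum fixup_result prkey_fixup_auth_id(struct prkey_entry *key)
{
    const struct p15_id *found = NULL;
    int ambiguous = 0;
    if (key->auth_id.len > 0)
        return AUTHID_PRESENT;
    for (size_t i = 0; i < key->n_rules && i < MAX_RULES; i++) {
        const struct p15_id *id = &key->rules[i].auth_id;
        if (id->len == 0 || id->len > MAX_ID_LEN)
            continue;                    /* no usable auth ID in this rule */
        if (!found)
            found = id;
        else if (!id_equal(found, id))
            ambiguous = 1;
    }
    if (!found)
        return AUTHID_NONE;              /* key stays without a PIN reference */
    key->auth_id = *found;
    return ambiguous ? AUTHID_AMBIGUOUS : AUTHID_FROM_RULE;
}

int main(void)
{
    struct prkey_entry key = { .n_rules = 1 };   /* constructed sample: no authId */
    key.rules[0].auth_id = (struct p15_id){ .value = { 0x01 }, .len = 1 };
    printf("result=%d len=%zu\n", (int)prkey_fixup_auth_id(&key), key.auth_id.len);
    return 0;
}
```

A caller that receives `AUTHID_AMBIGUOUS` or `AUTHID_NONE` should log the object rather than silently treat the key as protected by one PIN or by none.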