Le 04/01/2012 11:30, Hunter William a écrit : >>>> My first suggestion is to set authId when parsing the contents of PrKDF. >>> Ok, for now that should work fine, although longer term a better solution >>> may be needed. Note that the AuthID may also be specified in terms of a >>> security environment, which makes things a lot more complicated... It's >>> probably best not to worry about that for now. (Would have to go from the >>> AuthReference -> SE info -> PIN reference -> EF.AOD -> AuthID - it's a >>> bit circular!) >> Agree -- not to worry for a while. >> Take also into consideration that for OpenSC pkcs#15 framework, as the >> base library for pkcs#11 and minidriver, >> it's only important the protection by 'PIN' authentication object . >> Other types (SM, Auth.Extern) are not used by pkcs#15 and upper levels >> (parsed, but not used). >> As it currently implemented, these types of protections are resolved at >> the libopensc level. >> >>> I'll try and make the change for the parsing of the PrKDF. >> Fine. >> >>> Cheers, >>> Will >> Kind wishes, >> Viktor. >> > As discussed (see above), attached is a patch which sets the authID for a > private key from > the accessControlRules in the case where authID is not present, but a > corresponding > accessControlRule is.
Fine, thanks, I will apply it. > In theory a better longer term solution is necessary (there may be different > PIN's per key > operation), but in practice it may never be. > > Cheers, > Will _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
