Le 04/01/2012 15:30, Viktor Tarasov a écrit : > Le 04/01/2012 11:30, Hunter William a écrit : >>>>> My first suggestion is to set authId when parsing the contents of PrKDF. >>>> Ok, for now that should work fine, although longer term a better solution >>>> may be needed. Note that the AuthID may also be specified in terms of a >>>> security environment, which makes things a lot more complicated... It's >>>> probably best not to worry about that for now. (Would have to go from the >>>> AuthReference -> SE info -> PIN reference -> EF.AOD -> AuthID - it's a >>>> bit circular!) >>> Agree -- not to worry for a while. >>> Take also into consideration that for OpenSC pkcs#15 framework, as the >>> base library for pkcs#11 and minidriver, >>> it's only important the protection by 'PIN' authentication object . >>> Other types (SM, Auth.Extern) are not used by pkcs#15 and upper levels >>> (parsed, but not used). >>> As it currently implemented, these types of protections are resolved at >>> the libopensc level. >>> >>>> I'll try and make the change for the parsing of the PrKDF. >>> Fine. >>> >>>> Cheers, >>>> Will >>> Kind wishes, >>> Viktor. >>> >> As discussed (see above), attached is a patch which sets the authID for a >> private key from >> the accessControlRules in the case where authID is not present, but a >> corresponding >> accessControlRule is. > Fine, thanks, I will apply it.
Applied with some cosmetic changes, thanks. https://github.com/viktorTarasov/OpenSC/commit/593159abbf4e0ba0692d1c1d40ae090c7fa3db32 >> In theory a better longer term solution is necessary (there may be different >> PIN's per key >> operation), but in practice it may never be. >> >> Cheers, >> Will > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
