On Wed, May 30, 2012 at 12:36 PM, Nguyễn Hồng Quân <quanngu...@mbm.vn> wrote:
>
> Hello Alon,
>
> On Wed 30 May 2012 04:27:11 PM ICT, Alon Bar-Lev wrote:
> > Hello,
> >
> > I think you have some confusion of what is PKCS#11 Admin PIN.
> > The PKCS#11 Admin PIN is only usable to initialize a token, and
> > optionally unlock the user PIN.
> > It has no special privileges over the content of the card.
>
> But for OpenPGP card, the Admin PIN is required to write to the DO
> which holds certificate (the 7F21 DO). Maybe this is specific for
> OpenPGP card.

I understand.

> >
> > So you are prompted by firefox for the user PIN, which is OK.
> >
> > Anyway, what you have done is correct as far as opensc, use the pkcs15
> > tools in order to initialize the card and use the card within pkcs11
> > environments.
>
> Do you think use pkcs11 to change card content is unnecessary?
>

Actually no.
After personalization a card content is constant. So we have 99.99999% of the time card content is unchanged. If personalization process is done via other interface it should not be a problem.

OpenSC uses the pkcs15 utilities / emulation in order to personalize the cards, so the process is not an exception.

PKCS#11 is weak in terms of privileges, not always it is possible to access the complete feature set via this interface without proprietary extensions.

Alon.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel