On Tue, Jul 24, 2012 at 4:16 AM, Nguyễn Hồng Quân <quanngu...@mbm.vn> wrote: > Hi, > > I heard that you are successful to implement Admin PIN callback in PKCS#11. > Which card did you do? Can it be applied to OpenPGP? If yes, how should we > do? > > Thanks.
Where did you read that? I didnt say it... We have a very old card for which i made a pkcs#11 lib, not using opensc or anything else. well...openssl0.9.8 I dont konw if it can be applied to OpenPGP cause i dont know OpenPGP (Altought i will like to) There are 2 thing to implement: -CKU_SO login If you want a certificate to be used with CKU_SO instead of user, you could "ignore" the user type, have different slots for each user...these ways arent 100% compliant, but could do the trick. Anyhow, remember that, acording to the standard, the SO user its only for "initialization" purposes, so maybe you need a card supporting diferent users, rather that SO. -Callbacks: The same manner if you invoke C_Login with a PIN to login, If your token has CKF_PROTECTED_AUTHENTICATION_PATH, you could invoke C_Login with pin=NULL, and another library will try to autenticate before login into token. Thats probably not 100% standard compliant, but could do the trick. GURUS: how its the CKF_PROTECTED_AUTHENTICATION_PATH supposed to work? Will a pinpad "intercept" the calls to the card and request the PIN before sending it to the card? I dont remember if that was clear on standard. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
