Create new type "privdata" in all profiles with different
ACL settings, and check the C_CreateObject parameter CKA_PRIVATE (i.e. the pkcs15_create_data args.auth_id variable, i.e. sc_pkcs15init_new_object's object->flags & SC_PKCS15_CO_FLAG_PRIVATE) to decide whether the "data" or the "privdata" profile entry needs to be used. Tested with cryptoflex 32k and opensc-explorer: I can no longer "get" the data object file stored with "--private". git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3605 c6295689-39f2-0310-b995-f0e70906c6a9
parent
a89b14668f
commit
8a6bc59e66
|
@ -102,7 +102,15 @@ filesystem {
|
|||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
|
||||
# private data objects are stored in transparent EFs.
|
||||
EF privdata {
|
||||
file-id = 3402;
|
||||
structure = transparent;
|
||||
ACL = *=NEVER,
|
||||
READ=$PIN,
|
||||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -97,6 +97,16 @@ filesystem {
|
|||
ERASE=$PIN;
|
||||
}
|
||||
|
||||
# private data objects are stored in transparent EFs.
|
||||
EF privdata {
|
||||
file-id = 3403;
|
||||
structure = transparent;
|
||||
ACL = *=NEVER,
|
||||
READ=$PIN,
|
||||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# This is needed when generating a key on-card.
|
||||
|
|
|
@ -111,6 +111,10 @@ filesystem {
|
|||
file-id = 4600;
|
||||
ACL = *=$PIN, READ=NONE;
|
||||
}
|
||||
EF privdata {
|
||||
file-id = 4700;
|
||||
ACL = *=$PIN;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -174,6 +174,13 @@ filesystem {
|
|||
ACL = *=NEVER,READ=NONE,UPDATE=$PIN;
|
||||
}
|
||||
|
||||
# private data objects are stored in transparent EFs.
|
||||
EF data {
|
||||
file-id = 3401;
|
||||
structure = transparent;
|
||||
ACL = *=NEVER,READ=$PIN,UPDATE=$PIN;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
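Review bot: The block added under the `# private data objects are stored in transparent EFs.` comment is named `EF data`, not `EF privdata`, so this profile still has no `privdata` entry even though select_object_path now asks for that name when SC_PKCS15_CO_FLAG_PRIVATE is set; the ACL it carries (`ACL = *=NEVER,READ=$PIN,UPDATE=$PIN;`) is the private-data one. Depending on how the profile parser treats a second `data` definition, either the lookup for "privdata" fails or a duplicate `data` EF is defined — in both cases a CKA_PRIVATE data object in this profile does not end up in a PIN-protected file as the other profile hunks in this commit intend. Renaming the header to `EF privdata {` brings it in line with the other profiles. Whether this DF already defines a `data` EF cannot be seen from the hunk.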
|
||||
|
|
|
@ -115,6 +115,10 @@ filesystem {
|
|||
file-id = 4600;
|
||||
ACL = *=$PIN, READ=NONE;
|
||||
}
|
||||
EF privdata {
|
||||
file-id = 4700;
|
||||
ACL = *=$PIN;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -72,6 +72,16 @@ filesystem {
|
|||
WRITE=$PIN;
|
||||
}
|
||||
|
||||
# private data objects are stored in transparent EFs.
|
||||
EF privdata {
|
||||
file-id = 3300;
|
||||
structure = transparent;
|
||||
ACL = *=NEVER,
|
||||
READ=$PIN,
|
||||
UPDATE=$PIN,
|
||||
WRITE=$PIN;
|
||||
}
|
||||
|
||||
EF public-key {
|
||||
file-id = 3300;
|
||||
structure = transparent;
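Review bot: The new `EF privdata` is given `file-id = 3300;`, but the `EF public-key` that follows it in the same hunk also has `file-id = 3300;`. If both are children of the same DF, the two profile entries name the same on-card file, so creating a private data object would either fail at file creation or place PIN-protected data in the file whose ACL was written for the public key (and vice versa). Give the private-data EF its own unused id, e.g. `file-id = <UNUSED-FILE-ID>;` (placeholder — check the ids already used in this profile before choosing), as the other profiles in this commit do with an id distinct from their public-key EF.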
|
||||
|
|
|
@ -92,6 +92,16 @@ filesystem {
|
|||
ERASE=$PIN;
|
||||
}
|
||||
|
||||
# private data objects are stored in transparent EFs.
|
||||
EF privdata {
|
||||
file-id = 3402;
|
||||
structure = transparent;
|
||||
ACL = *=NEVER,
|
||||
READ=$PIN,
|
||||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# This is needed when generating a key on-card.
|
||||
|
|
|
@ -41,6 +41,11 @@ filesystem {
|
|||
file-id = 3200;
|
||||
acl = *=NEVER, UPDATE=$PIN, READ=NONE,
|
||||
ERASE=$SOPIN;
|
||||
}
|
||||
EF privdata {
|
||||
file-id = 3500;
|
||||
acl = *=NEVER, UPDATE=$PIN, READ=$PIN,
|
||||
ERASE=$SOPIN;
|
||||
}
|
||||
EF public-key {
|
||||
file-id = 3300;
|
||||
|
|
|
@ -162,6 +162,15 @@ filesystem {
|
|||
READ=NONE,
|
||||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
# private data objects are stored in transparent EFs.
|
||||
EF privdata {
|
||||
file-id = 3400;
|
||||
structure = transparent;
|
||||
ACL = *=NEVER,
|
||||
READ=$PIN,
|
||||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -2339,7 +2339,10 @@ static int select_object_path(sc_pkcs15_card_t *p15card, sc_profile_t *profile,
|
|||
name = "certificate";
|
||||
break;
|
||||
case SC_PKCS15_TYPE_DATA_OBJECT:
|
||||
name = "data";
|
||||
if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE)
|
||||
name = "privdata";
|
||||
else
|
||||
name = "data";
|
||||
break;
|
||||
default:
|
||||
return 0;
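Review bot: The new branch selects the "privdata" profile entry for objects carrying SC_PKCS15_CO_FLAG_PRIVATE, but nothing documents that a profile without such an entry is expected to fail the lookup rather than fall back to "data"; a silent fallback would store CKA_PRIVATE data in a file whose READ ACL is NONE in the profiles touched by this commit. A short comment above the `if` makes the intent explicit, e.g. `/* CKA_PRIVATE data objects go to the PIN-protected "privdata" EF; a profile that lacks one must not fall back to "data" */`. What the profile lookup does with an unknown name happens after this hunk, so the actual behaviour should be confirmed there; select_object_path's body starts and continues outside the hunk.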
|
||||
|
|
|
@ -122,6 +122,15 @@ filesystem {
|
|||
READ=NONE,
|
||||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
# private data objects are stored in transparent EFs.
|
||||
EF privdata {
|
||||
file-id = 3401;
|
||||
structure = transparent;
|
||||
ACL = *=NEVER,
|
||||
READ=$PIN,
|
||||
UPDATE=$PIN,
|
||||
ERASE=$PIN;
|
||||
}
|
||||
|
||||
}
|
||||
|
|