diff --git a/src/pkcs15init/flex.profile b/src/pkcs15init/flex.profile
index 0ca65316..d0752675 100644
--- a/src/pkcs15init/flex.profile
+++ b/src/pkcs15init/flex.profile
@@ -6,16 +6,6 @@ cardinfo {
 pin-encoding = ascii-numeric;
 pin-pad-char = 0x00;
 pin-domains = yes;
-
- # This profile does not PIN-protect certificates
- # stored on the card. If you enable this, you MUST
- # adjust the sizes of the pin-domain and key-dir DFs
- # accordingly.
- #
- # Update: everything seems to work fine without this
- # option, so it is commented out
- #
- # protect-certificates = no;
 }
 # Define reasonable limits for PINs and PUK
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 59b629db..50b5c011 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -1496,22 +1496,6 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
 r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id);
 SC_TEST_RET(ctx, r, "Select certificate ID error");
- if (profile->protect_certificates) {
- /* If there is a private key corresponding to the ID given
- * by the user, make sure $PIN references the pin protecting
- * this key
- */
- r = -1;
- if (args->id.len != 0
- && sc_pkcs15_find_prkey_by_id(p15card, &args->id, &object) == 0) {
- r = set_user_pin_from_authid(p15card, profile, &object->auth_id);
- SC_TEST_RET(ctx, r, "Failed to assign user pin reference "
- "(copied from private key auth_id)");
- }
- if (r == -1) /* User pin ref not yet set */
- set_user_pin_from_authid(p15card, profile, NULL);
- }
-
 object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_CERT_X509, label, NULL, NULL);
 if (object == NULL)
 SC_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to allocate certificate object");
diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
index 36e673cc..6522c00c 100644
--- a/src/pkcs15init/profile.c
+++ b/src/pkcs15init/profile.c
@@ -147,11 +147,11 @@ static struct map pkcs15DfNames[] = {
 { NULL, 0 }
 };
 static struct map pinTypeNames[] = {
- { "BCD", 0 },
- { "ascii-numeric", 1 },
- { "utf8", 2 },
- { "half-nibble-bcd", 3 },
- { "iso9564-1", 4 },
+ { "BCD", SC_PKCS15_PIN_TYPE_BCD },
+ { "ascii-numeric", SC_PKCS15_PIN_TYPE_ASCII_NUMERIC },
+ { "utf8", SC_PKCS15_PIN_TYPE_UTF8 },
+ { "half-nibble-bcd", SC_PKCS15_PIN_TYPE_HALFNIBBLE_BCD },
+ { "iso9564-1", SC_PKCS15_PIN_TYPE_ISO9564_1 },
 { NULL, 0 }
 };
 static struct map pinIdNames[] = {
@@ -274,7 +274,6 @@ sc_profile_new(void)
 return NULL;
 pro->p15_spec = p15card = sc_pkcs15_card_new();
- pro->protect_certificates = 1;
 pro->pkcs15.do_last_update = 1;
 if (p15card) {
@@ -293,7 +292,7 @@ sc_profile_new(void)
 /* Assume card does RSA natively, but no DSA */
 pro->rsa_access_flags = DEF_PRKEY_RSA_ACCESS;
 pro->dsa_access_flags = DEF_PRKEY_DSA_ACCESS;
- pro->pin_encoding = 0x01;
+ pro->pin_encoding = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
 pro->pin_minlen = 4;
 pro->pin_maxlen = 8;
 pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE;
@@ -788,12 +787,6 @@ do_pin_domains(struct state *cur, int argc, char **argv)
 return get_bool(cur, argv[0], &cur->profile->pin_domains);
 }
-static int
-do_protect_certificates(struct state *cur, int argc, char **argv)
-{
- return get_bool(cur, argv[0], &cur->profile->protect_certificates);
-}
-
 static int
 do_card_label(struct state *cur, int argc, char **argv)
 {
@@ -1590,7 +1583,6 @@ static struct command ci_commands[] = {
 { "pin-encoding", 1, 1, do_default_pin_type },
 { "pin-pad-char", 1, 1, do_pin_pad_char },
 { "pin-domains", 1, 1, do_pin_domains },
- { "protect-certificates", 1, 1, do_protect_certificates },
 { "label", 1, 1, do_card_label },
 { "manufacturer", 1, 1, do_card_manufacturer},
diff --git a/src/pkcs15init/profile.h b/src/pkcs15init/profile.h
index 32d8598e..a1ac2923 100644
--- a/src/pkcs15init/profile.h
+++ b/src/pkcs15init/profile.h
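Review bot: The `pinTypeNames` table has no comment saying what it maps, and after this change its entries are only correct while the `SC_PKCS15_PIN_TYPE_*` constants stay in step with the keywords a profile may give for `pin-encoding`. I would add above the table `/* Profile pin-encoding keywords and the SC_PKCS15_PIN_TYPE_* value each one selects */`. The same constant now replaces `0x01` as the `pro->pin_encoding` default in the later `sc_profile_new` hunk, which ties the default to the `"ascii-numeric"` entry; that is presumably the intent, but the code that reads the table is outside these hunks. The definitions of the constants are not part of this diff, so it is worth confirming they keep the values 0-4 of the literals they replace, otherwise existing profiles would select a different PIN encoding.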
@@ -104,7 +104,6 @@ struct sc_profile {
 unsigned int puk_attempts;
 unsigned int rsa_access_flags;
 unsigned int dsa_access_flags;
- unsigned int protect_certificates;
 struct {
 unsigned int direct_certificates;