One of the three unblock methods can be activated from the 'opensc-pkcs11' section of opensc.conf:
- C_SetPin() in the unlogged sesssion;
- C_SetPin() in the CKU_SPECIFIC_CONTEXT session;
- C_InitPin() in CKU_SO session (inspired by Pierre Ossman).
-- This last one works, for a while, only for the pkcs15 cards without SOPIN auth object.
For the pkcs15 cards with SOPIN, this method will be useful for the cards
that do not have then modes '00' and '01' of ISO command 'RESET RETRY COUNTER'.
Test commands:
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin -l --login-type context-specific --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --init-pin -l --new-pin "9999"
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3901 c6295689-39f2-0310-b995-f0e70906c6a9
Splitted key is stored as the two private keys with the same ID.
(It's not conform to PKCS#15, but tolerated by OpenSC.)
Previously used 'sc_pkcs15_find_prkey_by_id()' is not appropriated to the case of splitted key.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3900 c6295689-39f2-0310-b995-f0e70906c6a9
PKCS#11:
"To log into a token with a protected authentication path, the pPin parameter to C_Login should be NULL_PTR."
"To initialize the normal user?s PIN on a token with such a protected authentication path, the pPin parameter to C_InitPIN should be NULL_PTR."
"To modify the current user?s PIN on a token with such a protected authentication path, the pOldPin and pNewPin parameters to C_SetPIN should be NULL_PTR."
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3890 c6295689-39f2-0310-b995-f0e70906c6a9
C_CreateObject, C_CopyObject, C_DestroyObject, C_SetAttributeValue,
C_GenerateKey, C_GenerateKeyPair, C_UnwrapKey, C_DeriveKey if session is
read-only.
PKCS#11:
"C_InitPIN can only be called in the 'R/W SO Functions' state."
"C_SetPIN can only be called in the 'R/W Public Session' state, 'R/W SO
Functions' state, or 'R/W User Functions' state. An attempt to call it
from a session in any other state fails with error CKR_SESSION_READ_ONLY."
"Only session objects can be created/destroyed/modified
(C_CreateObject/C_DestroyObject/C_SetAttributeValue) during a read-only
session."
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3886 c6295689-39f2-0310-b995-f0e70906c6a9
a minor mistake in my patch for opensc_info(). For the Sun Studio 12.1
compiler (__SUNPRO_C == 0x5100) and later versions also, it must be
(__SUNPRO_C >> 4) & 0xFF to split the micro and mask the major version
number.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3881 c6295689-39f2-0310-b995-f0e70906c6a9
CKR_USER_ANOTHER_ALREADY_LOGGED_IN: It indicates that the specified user cannot be logged into the session, because another user is already logged into the session.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3862 c6295689-39f2-0310-b995-f0e70906c6a9
Working now with GOST R 34.10:
$ pkcs15-init --store-private-key key --key-usage sign,decrypt --auth-id 2 --id 1 --pin "12345678"
$ pkcs15-init --store-certificate my_cert --id 1 --pin "12345678"
But have problem: no CKA_GOSTR3410_PARAMS by retrieve pub_key from certificate, if pub_key object was removed (see parse_x509_cert, asn1_decode_gostr3410_params)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3859 c6295689-39f2-0310-b995-f0e70906c6a9
- time stamp in the log messages: for Windows 1msec resolution, otherwise 1sec;
- one more dump hex function, to be easily inserted into the formatted message.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3856 c6295689-39f2-0310-b995-f0e70906c6a9