-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
One card driver, 2 applets, 2 slots. #1476
Comments
I don't know if I understand your question correctly, but I can say that
|
In addition to looking at If your driver can support two applets it will have to keep track of which applet is active and will have to select the AID of the applet it wants to use. Depending on the applets on the card, switching applets can lose a login state, or other temporary information in the deselected applet. This is a big problem with independent applets. To make the two applets visible to PKCS]#11 can be done by PKCS#11 slots. To force OpenSC to create multiple slots for the same device the driver can list two (or more) PINs, one for each applet and create objects for each slot. Your own As Frank said: "If you want to support more than one internal card driver per card, try #1263." Depending on what you want to do with the two applets, for example one applications only want to use applet 1 and another applet only want to use applet2, you can provide each with a different |
Thank you for detailed explanation!
It will be single-thread EFI-application. Only selected applet of card will used. I already ported OpenSC to EFI. Stripped (under define) reading of configuration files (inserted default values), added <reader-efi.c>.
I already used this way (pkcs15 emulator and init functions in other card driver). So, seems I will to implement 2-nd applet card driver and try link to 2-nd slot. |
OK. |
@BakulinD Please have the license restrictions of OpenSC in mind. |
OK. I will keep it in mind. |
Problem Description
I develop driver for token with 2 applets.
1st applet already work anyway and compatible with vendor driver via PKCS#15 emulation
(btw, found that any (most?) OpenSC card drivers incompatible with vendors PKCS#11 drivers because OpenSC works mainly via PKCS#15. e.g. RuToken-ECP driver).
Card respond once on ATR. So, kernel(openSC) create 1 card object.
Then called sc_pkcs15_emulator_handler function.
It creates 2 sc_pkcs15_auth_info objects and kernel create 2 slots too.
It seems strange, because if applet is one, it has 2 users: user and s/o. But anyway I need 2 slots, maybe for user only per applet.
When application call PKCS#11 function C_OpenSession with any of 2 slots it cause in further all calls come to one same card object.
Questions are how:
The text was updated successfully, but these errors were encountered: