Re: [Opensc-devel] State of session locking support

[Frank M. <mo...@in...>]

Hi!

> > > typedef void* sc_card_state_t;
> > >
> >
> > As far as I can see, all operations to use a card's key in C_Sign, for
> > example, is carried out automatically (except the login): select
> > application, set security environment, ... What should be the content of
> > some sc_card_state_t?
> >
> 
> This depends on the card. I would say that for starcos 3.x its the
> directory path
> and the password, this should work.
> 
> Thus:
> 
> typedef struct sc_starcos_card_state_s {
>   char* path;
>   char* password;
>   int pass_encoding;
> } sc_startcos_card_state_t;
> 
> 
> I don't have that much experience in OpenSC, this was only a guess
> how it could be done.
> And if some cards have different needs, like these "auth cookies",
> it can be handles in the card driver.
> 
> 
> 
> >
> > What are "auth cookies" and where are they stored/generated?
> >
> 
> it was mentioned in this thread, but I never used it.
> 
> > On Fri, Nov 13, 2015 at 2:38 PM, Alon Bar-Lev <alo...@gm...>
> wrote:
> >This is why a card should support authentication cookie as I outlined
> >and some do.
> >You use credentials to establish authentication and accept a cookie as
> >a response.

Well, whatever authentication cookies are, no card driver in OpenSC
implements them. Also, what you outlined above for Starcos is exactly
what I implemented on the PKCS#11 level.

-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc