[Bug 2652] PKCS11 login skipped if login required and no pin set
bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 23 07:37:24 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2652
--- Comment #11 from Daniel Kucera <openssh at danman.eu> ---
(In reply to Jakub Jelen from comment #10)
> Thank you for testing the patch. But your changes again change the
> semantics and issue the pinpad login even if the PIN is NULL, which
> is not what you generally want.
But if CKF_LOGIN_REQUIRED is set, why would one want to skip login?
>
> Or is your card requiring the login also for the listing of public
> keys? What do you get if you try to list the public objects from
> pkcs11-tool?
>
> pkcs11-tool -O /usr/lib/eidklient/libpkcs11_sig_x64.so
My card requires login for absolutely everything.
$ pkcs11-tool -vvv --module /usr/lib/eidklient/libpkcs11_sig_x64.so -O
Using slot 0 with a present token (0x1)
$ pkcs11-tool -vvv --module /usr/lib/eidklient/libpkcs11_sig_x64.so -l -O
Using slot 0 with a present token (0x1)
Private Key Object; RSA
label: 571cd7f3-0935-4218-b7cf-4b43af29d1bc
ID: ...
Usage: decrypt, sign
Access: always authenticate
Certificate Object; type = X.509 cert
label: 571cd7f3-0935-4218-b7cf-4b43af29d1bc
ID: ...