-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need an option to specify no PIN is required for login #92
Comments
Actually, i think this is not required. Looks like I was not setting the |
Hmm. Maybe this is still a good thing to add. The PKCS11 spec says:
(emphasis added) Looks like it would be a good idea to allow a code path to say that the PIN is left intentionally unset. |
err, actually, looks like libp11 is already doing the right thing and checking for this flag, but the HSM is not setting that flag. 😞 |
FWIW GNOME keyring also uses |
Douglas E. Engert DEEngert@gmail.com |
From the original posted question, is the HSM not setting the CKF_PROTECTED_AUTHENTICATION_PATH because it is saying no pin or any other authentication path is even used. For example some keys may not be protected at all. (PIV has one key used to have the card authenticate itself. Used for physical access for door locks. It proves the card is being used, but does not prove the user knows any PIN.) CKF_PROTECTED_AUTHENTICATION_PATH says there is some authentication needed to access the token. |
@dengert GNOME keyring provides a PKCS#11 token of its own. That token sets the CKF_PROTECTED_AUTHENTICATION_PATH So if we want to test libp11 with tokens that use |
Some HSM's that I am testing (Thales) with do not require entering a PIN when run with a wrapper command. In this scenario, all the application needs to do is call
C_Login
with an empty pin. Right now, however, when invoked with an empty pin, libp11 currently blocks on stdin waiting for the user to enter a PIN -- not ideal for a backend server. Can workaround for now by entering a dummy pin, but it would be good to have an openssl engine control command that tells the library not to prompt for a pin.I'm thinking I would call it
NO_PIN
orNO_PROMPT_PIN
, and would be a "no value" control command likeVERBOSE
is currently. Does that sound reasonable?The text was updated successfully, but these errors were encountered: