Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Tommaso Cucinotta (tommaso.cucinottasssup.it)
Date: Wed Dec 15 2010 - 11:24:07 CST
Il 15/12/2010 17:52, Brian Thomas ha scritto:
> Does the Muscle applet actually support multiple User PINS (multiple
> auth-ids) simultaneously?
Yes . . .
> When I try to define additional user PINS using OpenSC version 0.11.13,
. . . at least through the libmusclecard API, I don't know how the
OpenSC adapter is done.
> I receive the following error. "Failed to set PIN: unknown error".
> My goal is to install 6 sets of private keys, public keys, and
> certificates into 6 different containers. Each container should
> preferably have its own PIN.
I'm not sure to get what you need here by "container". It seems you're
referring to an ISO7816-4-ish folder with stuff inside.
I can tell you that, if you want different private keys to be usable
after the verification of different PINs (identified by different PIN
numbers), then MuscleCard can do that, through its own API. You can
create your 6 PIN codes and create (or import) 6 on-board keys, then
associate the "use" rights of each key to a different PIN code (set a
different bit in the corresponding ACW/ACL bitmask), then you can use
each particular key only after the verification of the corresponding PIN
code (or, for what matters, you can even require the cryptographic
challenge-response based verification of more than one key).
However, the real question is: what software are you using ? How do you
expect such functionality to be used in practice ? Who's going to decide
which PIN number needs to be used to use which key, and how ? How is the
application going to decide which key to unblock, among the available ones ?
Tommaso Cucinotta, Computer Engineering PhD, Researcher
ReTiS Lab, Scuola Superiore Sant'Anna, Pisa, Italy
Tel +39 050 882 024, Fax +39 050 882 003
Muscle mailing list