[Date Prev][Date Next]
Re: support for arbitrary PKCS11 pin input method
- To: Silvan Marco Fin <email@example.com>
- Subject: Re: support for arbitrary PKCS11 pin input method
- From: Rich Megginson <firstname.lastname@example.org>
- Date: Mon, 11 Oct 2010 09:57:50 -0600
- Cc: email@example.com
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=PkArPadaPpi/ibEjDcTWSDkMln0NHF7YjWmYF52FMo4=; b=d2fY+fbxg6H40UwCIl6ZH/YnS8Fx7RPa+ehOwc5TVhto98d/Yuks+SoPyyWhQTeJNQ 5D28Ybw5S84hTfskYDCrKE/g4Hs0rebCw5z2sRpDy6ihPhsCNONnBZnr1ZERDv1oq0kp 4i/bE5H9l+2dxqbsXvHJhsmO3zr5MiB8nqUNo=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=WoWSWo1WAoFFQDmCbf7rp2UeXFsjUdHeYhXsBl5S5/pldJsahjlHeRaUROVrWOk5zS t2OrCauqwm9T3vDcv2SIYdo+sTYlRyz3dmye9TMI2WemM2auQP4zaTN1Qhx0OWe3SlTe a9qA+vEF5LgiueWBaUMRUmeEu+hTCd5hHOq50=
- In-reply-to: <4CB31DF9.firstname.lastname@example.org>
- References: <4CB31DF9.email@example.com>
- User-agent: Thunderbird 22.214.171.124 (X11/20100702)
Silvan Marco Fin wrote:
How would this work? Would you pass in a callback function with your
private context, and this callback function would be called with the
current MozNSS context + your provided context? What would be the
possible return values from your callback? What should the code do
depending upon each return value? Is there currently a way, via the
OpenLDAP API, to pass in such a function and context?
I searched through tls_m.c for means to enter the token PIN for a
PKCS11 token. I found a call to PK11_SetPasswordFunc(). The callback is
set to tlsm_pin_prompt(), which by itself uses tlsm_get_pin().
tlsm_get_pin() only supports reading the PIN from file or via STDIN. To
be usable within any form of gui, there would have to be some method to
pass a GUI callback to ask for the PIN.
Do you plan on implementing such a feature in the near future or is
there a proposed way of setting such a callback method?