Tim,
I have a few questions for clarification of your proposal for C_SetPINUSer / C_InitPINUser:
C_InitPINUser
- “C_InitPINUser initializes the normal user’s PIN.” In my understanding, the normal user is CKU_USER,
which does not have a username. The email which triggered this proposal rather referred to a CKU_CONTEXT_SPECIFIC user. Is the proposal intending to introduce a user name for the normal user, or is it targeting the context-specific user? In other words, is
the reference to the normal user in that sentence just the result of copying from C_InitPIN, and must be updated to something like “C_InitPINUser initializes the PIN of a context-specific
user”? The term “normal user’s PIN” also appears in the 3rd section and needs to be updated eventually.
C_SetPINUSer
- Similar question applies to C_SetPINUser and the wording “C_SetPINUser modifies …, or the CKU_USER PIN if the
session is not logged in.”
- In case C_SetPINUser applies to a user which is already logged in, but pUsername is a different username than the name of the logged-in user, which error code should be returned? None
of the existing specific error codes really fits; CKR_PIN_INCORRECT possibly comes close but does not really tell what’s wrong, CKR_GENERAL_ERROR does not give any hint about the wrong username but at least does not point into a wrong direction.
Best regards,
Dieter
From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org>
On Behalf Of Tim Hudson
Sent: Sunday, March 5, 2023 3:59 AM
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] Groups - C_SetPINUser-C_InitPINUser.pdf uploaded
Submitter's message
Modified versions of C_SetPin and C_InitPIN adding the username parameter to the end of each function.
-- Tim Hudson
Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach, Martin Stamm, Hacan Tiwemark
This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.
|