Subject: SO login into non-initialized token
maybe you’ve also seen this new question on StackExchange (https://crypto.stackexchange.com/questions/61822/what-is-the-proper-return-code-for-c-login-when-a-cku-so-attempts-to-log-into-a):
Looking at the PKCS#11 2.4 spec, C_Login returns CKR_USER_PIN_NOT_INITIALIZED when a "normal user's PIN has not yet been initialized with C_InitPIN". However, I can not find anything that would be analogous to a situation when a user calls C_Login for a CKU_SO user on a token that has not been initialized using C_InitToken.
That’s actually a good question IMO.
We simply return CKR_USER_PIN_NOT_INITIALIZED also in this case, but thinking about it now this doesn’t seem to be correct according to the description of this error code in the standard. But all other return values do not fit either.
Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Malte Pollmann (Chairman) CEO, Dr. Frank J. Nellissen CFO
This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/