There are a number of callback functions that a tokend module must
provide. securityd will call your tokend's provided callbacks to
read the contents of the card, sign or encrypt data, change the
card's PIN, and so on.

While actually developing a tokend module, I have the question: How
exactly does one change the PIN of a smartcard (especially when it
has several PINs) via... keychain? What is the UI for such
'maintenance operations'?

You should be able to change a smartcard's PIN via the "Change
password for 'smart card'" menu item, under the Edit menu in Keychain
Access. This menu item just calls the SecKeychainChangePassword()
function, which in turn calls CSSM_DL_PassThrough() with the
CSSM_APPLECSPDL_DB_CHANGE_PASSWORD constant. This tells securityd to
change the master secret (PIN or password) for that database. The UI
panel is put up if needed (e.g. if you didn't programmatically supply
the old PIN and a valid new PIN.)
Obviously, all those menus and dialogs should read "PIN" instead of
"password" when the selected keychain is a smartcard. That is a known
bug for us to fix.
Note that individual keys in a keychain (or smartcard) can also have
a separate usage password (or PIN), depending on how their ACL is
configured. We don't currently have a UI path for changing the usage
passwords.

One problem that the examples from Tokend-11 give is the way PIN is
asked - promptpwsubject seems to be the only one that works. User
should see 'enter *PIN*' not 'enter password'.
How are pinpad readers and such handled?

They aren't, at this time.
-ken
--
Martin Paljak
email@hidden