[opensc-devel] Do smart card drivers generally support more than one PKCS#11 session?

Alon Bar-Lev alon.barlev at gmail.com
Thu Jun 9 13:11:11 PDT 2011

Most [usable] providers support this.

Although there are different issues to solve in your case, such as
calling twice to C_Initialize, not calling C_Finalize if C_Initialize
returned with already initialized.

Also, some implementations will treat authentication state same for
all sessions, so implementation should not  expect authentication at
both sessions.

I am not sure who OpenSC provider in lock mode [secured] will
behave... maybe one session will lock the other. But this is none
standard provider behavior anyway.


On Thu, Jun 9, 2011 at 10:37 PM, Stef Walter <stefw at collabora.co.uk> wrote:
> I'm working on integrating smart card support via PKCS#11 into glib and
> gcr (part of gnome-keyring). We're integrating with GnuTLS for TLS support.
> I'd like to be able to do a C_Login in my code, and then pass off the
> URL to Gnutls. GnuTLS would then open another session, recognize that
> we're already logged in (this may need a slight tweak in the gnutls
> code) and then proceed without prompting the user.
> The reason for this is that the gnutls callback for prompting the user
> to login is a global one, and hard to use from another library without
> assuming that the caller is the only gnutls consumer.
> Anyway, this all works well. But it relies on the assumption of having
> two sessions open on the smart card at once.
> So my question is if, in the experience of all you smart card gurus,
> most PKCS#11 smart card drivers (at least those worth supporting)
> support more than one session in the same application.
> Cheers,
> Stef
> _______________________________________________
> opensc-devel mailing list
> opensc-devel at lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

More information about the p11-glue mailing list