CKR_NEW_PIN_MODE and CKR_NEXT_OTP

Ryan Sleevi rsleevi at chromium.org
Thu Apr 17 11:56:22 PDT 2014


Potentially. They're definitely part of the spec (
http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/otp-pcks-11-pkcs-11-for-one-time-password-tokens.htm)


On Thu, Apr 17, 2014 at 10:37 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> wrote:

> Hi p11-kit folks--
>
> i was looking at the source for truecrypt [0], and it appears to use
> pkcs11.h.  Looking at their source code, Common/SecurityToken.cpp
> appears to rely on two #defines that seem like they should belong to
> PKCS#11, but aren't in pkcs11.h from p11-kit.  In particular, the
> following two symbols aren't resolved:
>
>  CKR_NEW_PIN_MODE and CKR_NEXT_OTP
>
> I don't understand the history of PCKS#11 well enough to know what the
> background is here.
>
> But i do note that bind9 appears to define them this way:
>
> /* The following return values are new for PKCS #11 v2.20 amendment 3 */
> #define CKR_NEW_PIN_MODE                      0x000001B0
> #define CKR_NEXT_OTP                          0x000001B1
>
> Should these be added to pkcs11.h for p11-kit?
>
> Regards,
>
>         --dkg
>
> [0] http://www.truecrypt.org/downloads2
> [1]
>
> http://sources.debian.net/src/bind9/1:9.9.3.dfsg.P2-4/bin/pkcs11/include/pkcs11t.h?hl=1194#L1194
>
>
> _______________________________________________
> p11-glue mailing list
> p11-glue at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/p11-glue
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/p11-glue/attachments/20140417/fcfe6a10/attachment.html>


More information about the p11-glue mailing list