When using a PINPAD reader and PKCS11_PREALLOCATE_VIRTUAL_SLOTS, then the PINPAD indicator is not properly propagated to virtual slots:
asc@calzone:~/projects/sc-hsm-embedded/src/pkcs11/.libs$ PKCS11_PREALLOCATE_VIRTUAL_SLOTS=2 pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so -L
Available slots:
Slot 0 (0x1): REINER SCT cyberJack RFID komfort (5968333780) 00 00
token label : STARCOS.eUserPKI
token manufacturer : Giesecke & Devrient
token model : 3.5ID ECC C1 BNK
token flags : readonly, login required, PIN initialized, PIN pad present, token initialized
hardware version : 0.0
firmware version : 3.5
serial num :
Slot 1 (0x2): REINER SCT cyberJack RFID komfort (5968333780) 00 00.2
token label : STARCOS.QES1
token manufacturer : Giesecke & Devrient
token model : 3.5ID ECC C1 BNK
token flags : readonly, login required, PIN initialized, token initialized
hardware version : 0.0
firmware version : 3.5
serial num :
Slot 2 (0x3): REINER SCT cyberJack RFID komfort (5968333780) 00 00.3
token label : STARCOS.QES2
token manufacturer : Giesecke & Devrient
token model : 3.5ID ECC C1 BNK
token flags : readonly, login required, PIN initialized, token initialized
hardware version : 0.0
firmware version : 3.5
serial num :
The issue exists because PKCS11_PREALLOCATE_VIRTUAL_SLOTS creates virtual slots before SCardConnect and thus before the readers PINPAD capability is queried.
When creating virtual slots, the data from the primary slot is copied (thus usually preserving the PINPAD flag).
When using a PINPAD reader and PKCS11_PREALLOCATE_VIRTUAL_SLOTS, then the PINPAD indicator is not properly propagated to virtual slots:
asc@calzone:~/projects/sc-hsm-embedded/src/pkcs11/.libs$ PKCS11_PREALLOCATE_VIRTUAL_SLOTS=2 pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so -L Available slots: Slot 0 (0x1): REINER SCT cyberJack RFID komfort (5968333780) 00 00 token label : STARCOS.eUserPKI token manufacturer : Giesecke & Devrient token model : 3.5ID ECC C1 BNK token flags : readonly, login required, PIN initialized, PIN pad present, token initialized hardware version : 0.0 firmware version : 3.5 serial num : Slot 1 (0x2): REINER SCT cyberJack RFID komfort (5968333780) 00 00.2 token label : STARCOS.QES1 token manufacturer : Giesecke & Devrient token model : 3.5ID ECC C1 BNK token flags : readonly, login required, PIN initialized, token initialized hardware version : 0.0 firmware version : 3.5 serial num : Slot 2 (0x3): REINER SCT cyberJack RFID komfort (5968333780) 00 00.3 token label : STARCOS.QES2 token manufacturer : Giesecke & Devrient token model : 3.5ID ECC C1 BNK token flags : readonly, login required, PIN initialized, token initialized hardware version : 0.0 firmware version : 3.5 serial num :
The issue exists because PKCS11_PREALLOCATE_VIRTUAL_SLOTS creates virtual slots before SCardConnect and thus before the readers PINPAD capability is queried.
When creating virtual slots, the data from the primary slot is copied (thus usually preserving the PINPAD flag).