const char *token_label, unsigned int flags, char *pin,
size_t pin_max)
{
- const char *password;
+ const char *password = NULL;
const char *desc;
int cache = MAX_CACHE_TRIES;
unsigned len;
printf("Token '%s' with URL '%s' ", token_label, token_url);
printf("requires %s PIN\n", desc);
+
+ password = getenv("GNUTLS_PKCS11_PIN");
+
+ if (password == NULL)
+ password = getpass("Enter PIN: ");
+ else {
+ if (flags & GNUTLS_PIN_WRONG) {
+ fprintf(stderr, "Cannot continue with a wrong password in the environment.\n");
+ exit(1);
+ }
+ }
- password = getpass("Enter PIN: ");
if (password == NULL || password[0] == 0) {
fprintf(stderr, "No password given\n");
exit(1);
To use PKCS #11 tokens with gnutls the configuration file
/etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'.
+Alternatively the p11-kit configuration files have to be setup.
+
+To provide the PIN for all the operations below use the environment variable
+GNUTLS_PKCS11_PIN.
";
short-usage = "p11tool [options] [url]\np11tool --help for usage instructions.\n";