The pin is a bit of a pain on this system. On a Mac could would be able to let KeyChain safety handle the pin.
There is also a program/script called “keychain” for other OS’s , but has a focus on the pass-phrase for ssh. While the pass-phrases could be handled by the ssh-agent after the first load, the pin is requested every time you reach the pkcs11-lib. So in generic it would need either
- a library that could handle a pin
- a HW that would allow to disable the pin (by request - e.g. when called through api )
- at least a HW that could setup a pin lifettime
Also the OpenSC is not working as described: should not read all keys and then additional complain about keys that will not work ( as they are not designed for ssh - but should not have been read )
To be honest: I have now de-installed all HW keys - the balance between advantage and dis-advantages is today on the second as the supporting software is “Bananas” (ripen on customer side)