In Theorie you could configure in opensc.conf a pin caching and time to hold the pin. If that’s practical working need to be tested.
use_pin_caching = bool;
# Use PIN caching (Default: true)?
pin_cache_counter = num;
# How many times to use a PIN from cache before re-authenticating it (Default: `10`)?
pin_cache_ignore_user_consent = bool;
# Older PKCS#11 applications not supporting `CKA_ALWAYS_AUTHENTICATE` may need to set this to get signatures to work with some cards (Default: `false`).
Oh, and you should update to the newest OpenSC SW ( 20.x)
Looking at the debug logs, I see that PKCS15 framwork is reading this configuration, but it also looks like the pcsc reader is ignoring this ( and in addition e.g. enable a not available pin-pad )
No further suggestions from my side as I gave up using it due to banana software. I want to use it and not grow it. I was able to prevent the PIN question with the NK Pro using the macOS keychain and an scevent on macOS. But not with the HSM on a FreeBSD Sstem
I am not sure how would this work… the library is initialized every time a new application is started, you’d need to use something that signs multiple images at once in a loop.
But therefore there should be the pin caching feature in the settings, which does not work currently.
My current mechanism is I transfer the files to the sign server file by file and sign it file by file. A change by transferring all files first, then signing all and then sending all back could improve that, too. But would be a bigger change.
So a simple solving that pin caching would be easier (for me)… as it is a bug in OpenSC in my opinion.