#
# PKCS15 r/w profile for MyEID cards
#
# Card identification and the card-wide PIN policy.
cardinfo {
    label = "MyEID";
    manufacturer = "Aventra Ltd.";
    # PINs are 4 to 8 characters, encoded as ASCII digits.
    # NOTE(review): at the 4-digit minimum a numeric PIN has only 10^4
    # possible values, so the retry counters ("attempts") in the PIN
    # sections of this profile are what bound online guessing.
    min-pin-length = 4;
    max-pin-length = 8;
    pin-encoding = ascii-numeric;
    # Padding byte for PINs; presumably applied to PINs shorter than the
    # maximum length when a PIN carries the needs-padding flag.
    pin-pad-char = 0xFF;
}
#
# The following controls some aspects of the PKCS#15 structure we put
# onto the card.
#
pkcs15 {
    # Put certificates into the CDF itself?
    direct-certificates = no;
    # Put the DF length into the ODF file?
    encode-df-length = no;
    # Have a lastUpdate field in the EF(TokenInfo)?
    do-last-update = no;
}
# Default option set: macros referenced as $name by the filesystem section.
option default {
    macros {
        # Disabled ACL macros; the file ACLs in this profile use $PIN and
        # $SOPIN instead of CHV1/CHV2.
        #protected = READ=NONE, UPDATE=CHV1, DELETE=CHV2;
        #unprotected = READ=NONE, UPDATE=CHV1, DELETE=CHV1;

        # Sizes of the PKCS#15 directory files (presumably in bytes); each is
        # used as "size = $<name>" by the matching EF in the filesystem section.
        unusedspace-size = 510;
        odf-size = 255;
        aodf-size = 255;
        cdf-size = 1530;
        cdf-trusted-size = 510;
        prkdf-size = 1530;
        pukdf-size = 1530;
        dodf-size = 255;
    }
}
# Define reasonable limits for PINs and PUK
# Note that we do not set a file path or reference
# here; that is done dynamically.
# NOTE(review): user-pin and so-pin in this file do set an explicit
# "reference"; only the PUK sections leave it out. Confirm whether the
# statement above is still accurate.
PIN user-pin {
    reference = 1;
    # Length bounds match min-pin-length / max-pin-length in cardinfo.
    min-length = 4;
    max-length = 8;
    # Retry counter: number of verification attempts allowed for this PIN.
    attempts = 3;
    flags = initialized, needs-padding;
}
# Unblocking key (PUK) for the user PIN. No reference is set here.
PIN user-puk {
    min-length = 4;
    max-length = 8;
    # NOTE(review): the PUK has the same 4..8 length bounds as the PIN but
    # allows 10 attempts instead of 3. If PUKs are also numeric (not shown
    # here), a minimum-length PUK is easier to guess than the PIN it
    # unblocks; deployments may want to issue PUKs at the maximum length.
    attempts = 10;
    flags = needs-padding;
}
# Security Officer PIN: the credential that $SOPIN in the file ACLs
# presumably resolves to (marked by the soPin flag below).
PIN so-pin {
    reference = 3;
    auth-id = FF;
    # Same length bounds and retry counter as the user PIN.
    min-length = 4;
    max-length = 8;
    attempts = 3;
    flags = initialized, soPin, needs-padding;
}
# Unblocking key (PUK) for the SO PIN. No reference is set here.
PIN so-puk {
    min-length = 4;
    max-length = 8;
    # NOTE(review): 10 attempts at the same 4..8 length bounds as the SO PIN
    # (3 attempts); this value can presumably reset the SO PIN, so it should
    # be at least as hard to guess as the SO PIN itself.
    attempts = 10;
    flags = needs-padding;
}
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
#
# ACL notation used below: OPERATION=CONDITION. NONE means no authentication
# is required; NEVER means the operation is not allowed; $PIN / $SOPIN are
# symbolic references, presumably resolved by pkcs15-init to the user PIN and
# the SO PIN defined in the PIN sections of this profile.
filesystem {
    DF MF {
        path = 3F00;
        type = DF;
        # Creating files under the MF needs the user PIN; deleting needs the SO PIN.
        acl = CREATE=$PIN, DELETE=$SOPIN;

        # This is the DIR file
        EF DIR {
            file-id = 2F00;
            structure = transparent;
            size = 128;
            # World-readable; only the SO PIN may change or delete it.
            acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
        }
        DF PKCS15-AppDF {
            type = DF;
            file-id = 5015;
            # NOTE(review): the user PIN alone is sufficient for DELETE on the
            # PKCS#15 application DF, while the MF and most directory files
            # below require the SO PIN for DELETE. Confirm this is intended.
            acl = DELETE=$PIN, CREATE=$PIN;

            # Object directory file: updatable with the user PIN.
            EF PKCS15-ODF {
                file-id = 5031;
                structure = transparent;
                size = $odf-size;
                acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
            }

            # Token information: SO PIN only for changes. No size is given here.
            EF PKCS15-TokenInfo {
                file-id = 5032;
                structure = transparent;
                acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
            }

            EF PKCS15-UnusedSpace {
                file-id = 5033;
                structure = transparent;
                size = $unusedspace-size;
                acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
            }

            # Authentication object directory (describes the PINs): SO PIN
            # only for changes.
            EF PKCS15-AODF {
                file-id = 4401;
                structure = transparent;
                size = $aodf-size;
                acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
            }

            # The five directory files below share one ACL. "*=NEVER"
            # presumably sets every operation to NEVER first, so only the
            # operations listed after it are permitted.
            EF PKCS15-PrKDF {
                file-id = 4402;
                structure = transparent;
                size = $prkdf-size;
                acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
            }

            EF PKCS15-PuKDF {
                file-id = 4404;
                structure = transparent;
                size = $pukdf-size;
                acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
            }

            EF PKCS15-CDF {
                file-id = 4403;
                structure = transparent;
                size = $cdf-size;
                acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
            }

            # NOTE(review): the trusted-certificate directory is updatable
            # with the user PIN, same as the ordinary CDF. If relying
            # software treats entries here as trust anchors, consider
            # whether UPDATE should require the SO PIN instead.
            EF PKCS15-CDF-TRUSTED {
                file-id = 4405;
                structure = transparent;
                size = $cdf-trusted-size;
                acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
            }

            EF PKCS15-DODF {
                file-id = 4406;
                structure = transparent;
                size = $dodf-size;
                acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
            }

            # Private-key file template: an internal EF whose use (CRYPTO),
            # update, deletion and key generation all require the user PIN.
            # No READ entry is listed; what an unlisted operation defaults
            # to is not shown in this file.
            EF template-private-key {
                type = internal-ef;
                file-id = 4B01;
                acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN;
            }

            # Public-key file template: readable without authentication.
            EF template-public-key {
                structure = transparent;
                file-id = 5501;
                acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN;
            }

            # Certificate file template: readable without authentication.
            EF template-certificate {
                file-id = 4301;
                structure = transparent;
                acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;
            }

            template key-domain {
                # This is a dummy entry - pkcs15-init insists that
                # this is present
                # NOTE(review): unlike template-private-key above, this
                # private-key entry lists READ=NONE and no CRYPTO condition.
                # If the entry is ever used to create a real key file,
                # confirm that the card still prevents reading key material
                # from an internal-ef.
                EF private-key {
                    file-id = 4B01;
                    type = internal-ef;
                    acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN;
                }
                EF public-key {
                    file-id = 5501;
                    structure = transparent;
                    acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN, GENERATE=$PIN;
                }

                # Certificate template
                EF certificate {
                    file-id = 4301;
                    structure = transparent;
                    acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;
                }
            }
        }
    }
}