#
# PKCS15 r/w profile for Siemens CardOS M4
# smart cards and crypto tokens (for example Aladdin eToken)
#
# Card-wide PIN handling parameters for this profile.
cardinfo {
    # Upper bound on the PIN length accepted under this profile.
    # NOTE(review): no minimum length is set in this file; presumably it
    # comes from the main profile - confirm it is not left at a weak value.
    max-pin-length = 8;
    # Digits-only PINs: together with the 8-character cap this bounds the
    # PIN space, so the retry counters configured for each PIN are the
    # main protection against guessing.
    pin-encoding = ascii-numeric;
    # Byte value used to pad PINs shorter than the maximum length
    # (presumably padded up to max-pin-length - verify against the driver).
    pin-pad-char = 0x00;
}
# Define reasonable limits for PINs and PUK
# We set the reference for SO pin+puk here, because
# those are hard-coded (if a PUK is assigned).
#
# NOTE(review): no "attempts" value is given for so-pin / so-puk in this
# file; presumably the retry limits come from the main profile - confirm
# that the security officer credentials are not left without a limit.
PIN so-pin {
    reference = 0;
}
PIN so-puk {
    reference = 1;
}
# Three attempts for the user PIN (presumably the retry counter before the
# PIN blocks - verify against the card driver).
PIN user-pin {
    attempts = 3;
}
# The PUK allows more attempts than the PIN it unblocks, so it should be
# at least as hard to guess as the PIN; otherwise it becomes the easier
# of the two to attack.
PIN user-puk {
    attempts = 10;
}
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
#
# Reading the ACLs below: each lists a "*=" default first and then
# per-operation overrides. NEVER denies the operation outright, NONE
# requires no authentication, and $PIN requires the PIN bound to the
# object when the template is instantiated (presumably substituted by
# pkcs15-init - verify against the main profile).
filesystem {
    DF MF {
        DF PKCS15-AppDF {
            size = 4096;

            # Prevent unauthorized updates of basic security
            # objects via PUT DATA OCI.
            ACL = UPDATE=NEVER;

            # Bump the size of the EF(PrKDF) - with split
            # keys, we may need a little more room.
            EF PKCS15-PrKDF {
                size = 384;
            }

            EF PKCS15-PuKDF {
                size = 384;
            }

            # This template defines files for keys, certificates etc.
            #
            # When instantiating the template, each file id will be
            # combined with the last octet of the object's pkcs15 id
            # to form a unique file ID.
            template key-domain {
                # This is a dummy entry - pkcs15-init insists that
                # this is present
                EF private-key {
                    file-id = FFFF;
                }
                # Public keys: readable without authentication, but
                # modifying or erasing them requires the PIN; every other
                # operation is denied.
                EF public-key {
                    file-id = 3003;
                    structure = transparent;
                    ACL = *=NEVER,
                        READ=NONE,
                        UPDATE=$PIN,
                        ERASE=$PIN;
                }

                # Certificate template
                # Same policy as public keys: world-readable, PIN required
                # to change or erase.
                EF certificate {
                    file-id = 3104;
                    structure = transparent;
                    ACL = *=NEVER,
                        READ=NONE,
                        UPDATE=$PIN,
                        ERASE=$PIN;
                }

                # Extractable private keys are stored in transparent EFs.
                # Encryption of the content is performed by libopensc.
                #
                # READ=$PIN means the stored key blob can be read off the
                # card once the PIN is verified, so its confidentiality
                # rests on the PIN and on the host-side encryption rather
                # than on the card alone. Keys that must never leave the
                # card should not be created as extractable.
                EF extractable-key {
                    file-id = 3201;
                    structure = transparent;
                    ACL = *=NEVER,
                        READ=$PIN,
                        UPDATE=$PIN,
                        ERASE=$PIN;
                }

                # data objects are stored in transparent EFs.
                # These are readable without authentication; anything
                # confidential belongs in "privdata" below instead.
                EF data {
                    file-id = 3302;
                    structure = transparent;
                    ACL = *=NEVER,
                        READ=NONE,
                        UPDATE=$PIN,
                        ERASE=$PIN;
                }

                # private data objects are stored in transparent EFs.
                # Unlike "data", reading also requires the PIN.
                EF privdata {
                    file-id = 3403;
                    structure = transparent;
                    ACL = *=NEVER,
                        READ=$PIN,
                        UPDATE=$PIN,
                        ERASE=$PIN;
                }
            }

            # This is needed when generating a key on-card.
            #
            # NOTE(review): "*=NONE" leaves every operation on this file
            # without an access condition. Confirm that nothing sensitive
            # remains in it once key generation has finished.
            EF tempfile {
                file-id = 7EAD;
                structure = linear-variable-tlv;
                ACL = *=NONE;
                size = 512;
            }
        }
    }
}