diff --git a/src/pkcs15init/Makefile.am b/src/pkcs15init/Makefile.am
index f58ca70b..93c9f2d8 100644
--- a/src/pkcs15init/Makefile.am
+++ b/src/pkcs15init/Makefile.am
@@ -9,12 +9,9 @@ LDFLAGS = @LDFLAGS@ @LIBOPENSC@
 PROFILES = \
 flex.profile \
- flex_so.profile \
- flex_onepin.profile \
 gpk.profile \
 miocos.profile \
 etoken.profile \
- pkcs15-small.profile \
 pkcs15.profile
 EXTRA_DIST = $(PROFILES) Makefile.mak
diff --git a/src/pkcs15init/flex_onepin.profile b/src/pkcs15init/flex_onepin.profile
deleted file mode 100644
index 1f2c3b1d..00000000
--- a/src/pkcs15init/flex_onepin.profile
+++ /dev/null
@@ -1,119 +0,0 @@
-#
-# PKCS15 r/w profile for Cryptoflex cards,
-# where the user (CHV1 pin) is in charge of the PKCS15 DF.
-#
-# A consequence is that only 1 user PIN is possible.
-#
-# Note 1: the PKCS15 files (DODF, PrKDF, PuKDF, ...) are unprotected
-# (or protected by the SO PIN), as they are defined that way in
-# "pkcs15.profile". If you don't want this, change the ACs
-# to "*=$CVH1, READ=NONE;".
-#
-# Note 2: after you do sc_pkcs15init_add_app() (e.g. "pkcs15-init -EC"),
-# the user PIN hasn't been added to the PrKDF yet. This will be done in
-# sc_pkcs15init_store_pin() (e.g. "pkcs15-init -P --pin 1234 --puk 1234
-# -a 1 -l userpin")
-#
-cardinfo {
- max-pin-length = 8;
- pin-encoding = ascii-numeric;
- pin-pad-char = 0x00;
-}
-
-# Define reasonable limits for PINs and PUK
-# Note that we do not set a file path or reference
-# here; that is done dynamically.
-PIN user-pin {
- attempts = 3;
- flags = 0x32; # local, initialized, needs-padding
-}
-PIN user-puk {
- attempts = 10;
-}
-
-# Additional filesystem info.
-# This is added to the file system info specified in the
-# main profile.
-filesystem {
- DF MF {
- ACL = *=AUT1;
-
- DF PKCS15-AppDF {
- ACL = DELETE=CHV1, CREATE=NONE, FILES=NONE;
- EF sopinfile {
- file-id = 0100;
- size = 23;
- ACL = *=NEVER, UPDATE=AUT1;
- }
- # If you add an SO PIN, you can set UPDATE=$SOPIN in the ACL below
- # so the SO PIN can change the user PIN
- EF pinfile-1 {
- file-id = 0000;
- size = 23;
- ACL = *=NEVER, UPDATE=AUT1;
- }
- EF extkey {
- file-id = 0011;
- size = 15;
- ACL = *=NEVER, UPDATE=AUT1;
- }
- DF keydir-1 {
- ACL = *=CHV1, FILES=NONE;
- file-id = 4B01;
- size = 1370; # Sufficient for a 2048-bit key
- EF template-private-key-1 {
- file-id = 0012;
- ACL = *=NEVER, CRYPTO=$PIN, UPDATE=CHV1;
- }
- EF template-extractable-key-1 {
- file-id = 7000;
- ACL = *=NEVER, READ=CHV1, UPDATE=CHV1;
- }
- }
- DF keydir-2 {
- ACL = *=CHV1, FILES=NONE;
- file-id = 4B02;
- size = 1370; # Sufficient for a 2048-bit key
- EF template-private-key-2 {
- file-id = 0012;
- ACL = *=NEVER, CRYPTO=CHV1, UPDATE=CHV1;
- }
- EF template-extractable-key-2 {
- file-id = 7000;
- ACL = *=NEVER, READ=$PIN, UPDATE=CHV1;
- }
- }
- EF template-public-key-1 {
- file-id = 5201;
- ACL = *=CHV1, READ=NONE;
- }
- EF template-public-key-2 {
- file-id = 5202;
- ACL = *=CHV1, READ=NONE;
- }
- EF template-public-key-3 {
- file-id = 5203;
- ACL = *=CHV1, READ=NONE;
- }
- EF template-certificate-1 {
- file-id = 5501;
- ACL = *=CHV1, READ=NONE;
- }
- EF template-certificate-2 {
- file-id = 5502;
- ACL = *=CHV1, READ=NONE;
- }
- EF template-certificate-3 {
- file-id = 5503;
- ACL = *=CHV1, READ=NONE;
- }
- }
- }
-}
-
-# Define an SO pin
-# This PIN is not used yet.
-PIN so-pin {
- file = sopinfile;
- reference = 0;
-}
diff --git a/src/pkcs15init/flex_so.profile b/src/pkcs15init/flex_so.profile
deleted file mode 100644
index c6ea6aed..00000000
--- a/src/pkcs15init/flex_so.profile
+++ /dev/null
@@ -1,106 +0,0 @@
-#
-# PKCS15 r/w profile for Cryptoflex cards,
-# where the Security Officer (CHV2 pin) is in charge of the PKCS15 DF.
-#
-cardinfo {
- max-pin-length = 8;
- pin-encoding = ascii-numeric;
- pin-pad-char = 0x00;
-}
-
-# Define reasonable limits for PINs and PUK
-# Note that we do not set a file path or reference
-# here; that is done dynamically.
-PIN user-pin {
- attempts = 3;
- flags = 0x32; # local, initialized, needs-padding
-}
-PIN user-puk {
- attempts = 10;
-}
-
-# Additional filesystem info.
-# This is added to the file system info specified in the
-# main profile.
-filesystem {
- DF MF {
- ACL = *=AUT1;
-
- DF PKCS15-AppDF {
- ACL = DELETE=$SOPIN, CREATE=NONE, FILES=NONE;
- size = 7500; # enough for 2 2048 bit keys, and 1 cert each
- EF sopinfile {
- file-id = 0100;
- size = 23;
- ACL = *=NEVER, UPDATE=AUT1;
- }
- EF extkey {
- file-id = 0011;
- size = 15;
- ACL = *=NEVER, UPDATE=AUT1;
- }
- DF keydir-1 {
- ACL = *=$SOPIN, FILES=NONE;
- file-id = 4B01;
- size = 1370; # Sufficient for a 2048-bit key
- EF pinfile-2 {
- file-id = 0000;
- size = 23;
- ACL = *=NEVER, UPDATE=$SOPIN;
- }
- EF template-private-key-1 {
- file-id = 0012;
- ACL = *=NEVER, CRYPTO=CHV1, UPDATE=$SOPIN;
- }
- EF template-extractable-key-1 {
- file-id = 7000;
- ACL = *=NEVER, READ=$PIN, UPDATE=$SOPIN;
- }
- }
- DF keydir-2 {
- ACL = *=$SOPIN, FILES=NONE;
- file-id = 4B02;
- size = 1370; # Sufficient for a 2048-bit key
- EF pinfile-3 {
- file-id = 0000;
- size = 23;
- ACL = *=NEVER, UPDATE=$SOPIN;
- }
- EF template-private-key-2 {
- file-id = 0012;
- ACL = *=NEVER, CRYPTO=CHV1, UPDATE=$SOPIN;
- }
- EF template-extractable-key-2 {
- file-id = 7000;
- ACL = *=NEVER, READ=$PIN, UPDATE=$SOPIN;
- }
- }
- EF template-public-key-1 {
- file-id = 5201;
- ACL = *=$SOPIN, READ=NONE;
- }
- EF template-public-key-2 {
- file-id = 5202;
- ACL = *=$SOPIN, READ=NONE;
- }
- EF template-certificate-1 {
- file-id = 5501;
- ACL = *=$SOPIN, READ=NONE;
- }
- EF template-certificate-2 {
- file-id = 5502;
- ACL = *=$SOPIN, READ=NONE;
- }
- EF PKCS15-AODF {
- size = 160; # 1 SOPIN + 2 user pins
- }
- }
- }
-}
-
-# Define an SO pin
-# This PIN is not used yet.
-PIN so-pin {
- file = sopinfile;
- reference = 0;
-}
diff --git a/src/pkcs15init/pkcs15-small.profile b/src/pkcs15init/pkcs15-small.profile
deleted file mode 100644
index 80391d03..00000000
--- a/src/pkcs15init/pkcs15-small.profile
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# PKCS15 profile, generic information.
-# This profile is loaded before any card specific profile.
-#
-
-cardinfo {
- label = "OpenSC Card";
- manufacturer = "OpenSC Project";
- min-pin-length = 4;
- # max length should be overridden in the per-card profile
- max-pin-length = 8;
-}
-
-# Define reasonable limits for PINs and PUK
-# Note that we do not set a file path or reference
-# for the user pin; that is done dynamically.
-PIN user-pin {
- attempts = 3;
-}
-PIN user-puk {
- attempts = 7;
-}
-PIN so-pin {
- auth-id = FF;
- attempts = 2;
- min-length = 6;
- flags = 0x32;
-}
-PIN so-puk {
- attempts = 4;
- min-length = 6;
-}
-
-filesystem {
- DF MF {
- path = 3F00;
- type = DF;
-
- # This is the DIR file
- EF DIR {
- type = EF;
- file-id = 2F00;
- size = 128;
- acl = *=NONE;
- }
-
- # Here comes the application DF
- DF PKCS15-AppDF {
- type = DF;
- file-id = 5015;
- aid = A0:00:00:00:63:50:4B:43:53:2D:31:35;
- acl = *=NONE;
- size = 5000;
-
- EF PKCS15-ODF {
- file-id = 5031;
- size = 128;
- ACL = *=NONE;
- }
-
- EF PKCS15-TokenInfo {
- file-id = 5032;
- ACL = *=NONE;
- }
-
- EF PKCS15-AODF {
- file-id = 4401;
- size = 128;
- ACL = *=$SOPIN, READ=NONE;
- }
-
- EF PKCS15-PrKDF {
- file-id = 4402;
- size = 128;
- acl = *=$SOPIN, READ=NONE;
- }
-
- EF PKCS15-PuKDF {
- file-id = 4403;
- size = 128;
- acl = *=$SOPIN, READ=NONE;
- }
-
- EF PKCS15-CDF {
- file-id = 4404;
- size = 256;
- acl = *=$SOPIN, READ=NONE;
- }
-
- EF PKCS15-DODF {
- file-id = 4405;
- size = 128;
- ACL = *=NONE;
- }
-
- }
- }
-}