.PU
.ds nm \fBpkcs15\fP
.TH pkcs15 7 "" "" OpenSC
.SH NAME
pkcs15 \- standard for storing information on smart cards
.SH DESCRIPTION
The PKCS #15 standard is available from
.BR http://www.rsasecurity.com/rsalabs/pkcs .
This document does not try to cover PKCS #15 in detail; it just
tries to give readers not familiar with the standard a brief overview.
.PP
PKCS #15 defines a standard for how to store keys, certificates and possibly
other data on a smart card, and how to describe certain meta information
(such as what PIN the user needs to present before he's allowed to
use a certain private key).
.PP
A PKCS #15 compliant smart card can contain one or more applications.
There is one ``meta directory'' that contains a list of all applications.
On cards that support an ISO 7816 compatible file system, each
application usually resides in a directory of its own.
.PP
Within each application directory, PKCS #15 defines a structure of
meta files (also called Directory Files) that contain information on
objects stored on the card. For instance, there is a private key
directory file (or PrKDF for short) that contains a list of private
keys stored on the card. Likewise, there's a public key directory
file (PuKDF) and a certificate directory file (CDF).
.PP
One fairly important PKCS #15 directory file is the AODF, or
authorization object directory file, which describes the PINs held
by the card. Note that the AODF does not contain the PINs themselves;
this is something that is highly card specific. What the AODF does
contain, however, is a descriptive label for each PIN, and additional
information required to authenticate against this PIN (sorry if
this is very vague, but unless you really want to know, we'd
better leave it at that, for the sake of your and my sanity :-).
.PP
Each object stored in a PKCS #15 structure has an ID assigned to it,
so that related objects can reference one another.
For instance, if a private key is protected by a PIN, the PrKDF entry
for this key will contain an Authentication ID field that points to the
AODF entry for this PIN.
.PP
Similarly, if the card contains a certificate corresponding to a
private key stored on this card, the CDF entry for the certificate
will have the same ID as the PrKDF entry for the private key. The
same is true of public key objects.
.SH BUGS
This manual page is a little terse.
.PP
The use of the term Directory File in PKCS #15 is somewhat unfortunate.
Normally, a PKCS #15 DF is just a plain (elementary) file, not a
directory file in the sense of ISO 7816.
.SH AUTHORS
This manual page was written by Olaf Kirch.
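.SH EXAMPLE
The ID cross-references described in DESCRIPTION, shown as an added example
that is not part of the original manual page or of OpenSC: a toy Python model
that links each PrKDF entry to its AODF entry through the Authentication ID and
to its PuKDF and CDF entries through the shared ID, and reports references that
do not resolve. The Entry fields, the resolve function and the sample card
contents are assumptions constructed for illustration; they are not the ASN.1
names used by the standard.
.nf

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    label: str
    id: str                         # object ID, written as hex text here
    auth_id: Optional[str] = None   # used by PrKDF entries only

def resolve(prkdf, pukdf, cdf, aodf):
    """Link each private key to its PIN, public key and certificate.

    Returns (links, problems). links maps a key ID to the labels found;
    problems lists references that do not resolve.
    """
    pins = {p.id: p.label for p in aodf}
    pubs = {p.id: p.label for p in pukdf}
    certs = {c.id: c.label for c in cdf}
    links, problems = {}, []
    for key in prkdf:
        if key.id in links:
            problems.append(f"duplicate PrKDF ID {key.id}")
            continue
        pin = None  # stays None when the key carries no Authentication ID
        if key.auth_id is not None:
            pin = pins.get(key.auth_id)
            if pin is None:
                problems.append(
                    f"key {key.id}: Authentication ID {key.auth_id} not in AODF")
        links[key.id] = {"key": key.label, "pin": pin,
                         "public_key": pubs.get(key.id),
                         "certificate": certs.get(key.id)}
    return links, problems

# Constructed sample card contents (hypothetical labels and IDs).
AODF = [Entry("User PIN", "01")]
PRKDF = [Entry("Signing key", "45", auth_id="01"),
         Entry("Broken key", "46", auth_id="02")]
PUKDF = [Entry("Signing public key", "45")]
CDF = [Entry("Signing certificate", "45"), Entry("Issuer certificate", "99")]

if __name__ == "__main__":
    links, problems = resolve(PRKDF, PUKDF, CDF, AODF)
    for key_id, info in links.items():
        print(key_id, info)
    for p in problems:
        print("problem:", p)
```

.fi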