opensc/src/pkcs15init
Peter Popovec ce7fa42958 Use fresh data from FCI instead of FCP for sc_pkcs15init_authenticate()
Function sc_pkcs15init_update_file(): we will try to select the file; if
the file cannot be selected, the file is created, and the select operation
is repeated. In both cases, the "selected_file" variable contains the
current FCI of the selected file.

Then the sc_pkcs15init_authenticate() function is called, not with the
"selected_file" variable, but with the "file" variable, where the FCP data
is present (from the file creation operation).

Difference between FCP and FCI (pkcs15-init -C / MyEID card):
62 17 80 02 00 FF 82 01 01 83 02 50 31 86 03 01 3F FF 85 02 00 00 8A 01 00
6F 17 80 02 00 FF 82 01 01 83 02 50 31 86 03 01 3F FF 85 02 00 00 8A 01 01

Here it is clear that the data from the FCP are outdated. The card changed
tag 0x8A from 0 to 1 ("no information given", "creation state"). We need to
respect the authority of the card: the FCI is to be used in the next code,
not the FCP.

	modified:   src/pkcs15init/pkcs15-lib.c
2021-01-22 18:59:22 +01:00
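
The FCP/FCI difference described in the commit message above, as an added example that is not part of the commit or of OpenSC's code: a minimal TLV walk over the two byte strings quoted there that reports which tag changed. The function names are hypothetical, and the parser assumes single-byte tags and short-form lengths, which is all these two templates use.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Byte strings copied from the commit message (pkcs15-init -C, MyEID card). */
static const unsigned char fcp[] = {0x62,0x17,0x80,0x02,0x00,0xFF,0x82,0x01,0x01,0x83,0x02,0x50,
    0x31,0x86,0x03,0x01,0x3F,0xFF,0x85,0x02,0x00,0x00,0x8A,0x01,0x00};
static const unsigned char fci[] = {0x6F,0x17,0x80,0x02,0x00,0xFF,0x82,0x01,0x01,0x83,0x02,0x50,
    0x31,0x86,0x03,0x01,0x3F,0xFF,0x85,0x02,0x00,0x00,0x8A,0x01,0x01};

/* Bounds-check the outer 0x62 (FCP) / 0x6F (FCI) template; set *end, return first inner TLV. */
static const unsigned char *inner(const unsigned char *t, size_t n, const unsigned char **end)
{
    if (n < 2 || (t[0] != 0x62 && t[0] != 0x6F) || t[1] > 0x7F || (size_t)t[1] + 2 > n)
        return NULL;
    *end = t + 2 + t[1];
    return t + 2;
}

/* Hypothetical helper: value of `tag` in template t, or NULL if absent or malformed. */
static const unsigned char *tlv_find(const unsigned char *t, size_t n, unsigned char tag, size_t *len)
{
    const unsigned char *end = NULL, *p = inner(t, n, &end);
    while (p != NULL && end - p >= 2 && p[1] <= 0x7F && (size_t)(end - p - 2) >= p[1]) {
        if (p[0] == tag) { *len = p[1]; return p + 2; }
        p += 2 + p[1];
    }
    return NULL;
}

/* First tag of a whose value is missing or different in b; 0 if none, -1 if a is malformed. */
static int first_changed_tag(const unsigned char *a, size_t an, const unsigned char *b, size_t bn)
{
    const unsigned char *end = NULL, *p = inner(a, an, &end);
    if (p == NULL) return -1;
    while (end - p >= 2) {
        size_t la = p[1], lb = 0;
        if (la > 0x7F || (size_t)(end - p - 2) < la) return -1;
        const unsigned char *vb = tlv_find(b, bn, p[0], &lb);
        if (vb == NULL || lb != la || memcmp(p + 2, vb, la) != 0) return p[0];
        p += 2 + la;
    }
    return 0;
}

int main(void)
{
    size_t len = 0;
    const unsigned char *lcs = tlv_find(fci, sizeof fci, 0x8A, &len);
    printf("changed tag: 0x%02X, life cycle byte in FCI: 0x%02X\n",
           (unsigned)first_changed_tag(fcp, sizeof fcp, fci, sizeof fci),
           (lcs && len == 1) ? lcs[0] : 0xFFu);
    return 0;
}
```
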
Makefile.am Rutoken Lite (#1728) 2019-07-22 13:05:32 +02:00
Makefile.mak fixed and cleaned up nmake Makefiles 2016-06-23 07:35:53 +02:00
README - added comment on pkcs12 files 2002-12-04 14:28:08 +00:00
asepcos.profile Create new type "privdata" in all profiles with different 2008-12-28 16:07:51 +00:00
authentic.profile libopensc: export sc_find_app(), remove debug message, ... 2011-01-12 17:41:10 +00:00
cardos.profile Revert 5558 2011-06-08 07:58:51 +00:00
cyberflex.profile cyberflex: no more 'protect-certificates' profile option 2010-02-20 23:20:38 +00:00
entersafe.profile pkcs15init: EnterSafe: increase size of the xDF files 2011-03-15 09:39:04 +00:00
epass2003.profile epass2003: support for ePass2003 card in read/write modes 2012-06-08 20:17:36 +02:00
flex.profile pkcs15init cflex: fix protected initialisation 2010-03-04 13:37:11 +00:00
gids.profile First support for GIDS card 2016-02-19 00:12:16 +01:00
gpk.profile change base id so it does not overlap with the next one. 2009-03-05 15:15:24 +00:00
ias_adele_admin1.profile fix typos 2018-04-15 09:34:45 +02:00
ias_adele_admin2.profile fix typos 2018-04-15 09:34:45 +02:00
ias_adele_common.profile fix typos 2018-04-15 09:34:45 +02:00
iasecc.profile fix typos 2018-04-15 09:34:45 +02:00
iasecc_admin_eid.profile fix typos 2018-04-15 09:34:45 +02:00
iasecc_generic_oberthur.profile fix typos 2018-04-15 09:34:45 +02:00
iasecc_generic_pki.profile fix typos 2018-04-15 09:34:45 +02:00
incrypto34.profile pkcs15init profile: 'private key' as BSO is differentiated from the one as EF 2010-01-21 10:07:40 +00:00
isoApplet.profile isoApplet: fix card not recognized by minidriver 2015-10-23 23:03:25 +02:00
jcop.profile Create new type "privdata" in all profiles with different 2008-12-28 16:07:51 +00:00
miocos.profile - Small update to MioCOS pkcs15init driver 2002-04-19 18:01:49 +00:00
muscle.profile muscle profile: keep default ACLs for the 'DIR' file 2010-03-31 12:41:39 +00:00
myeid.profile add algorithm references for AES keys 2017-06-13 10:40:36 +02:00
oberthur.profile fix typos 2018-04-15 09:34:45 +02:00
openpgp.profile pkcs15init-openpgp: Support for private key import in pkcs15init. 2012-07-29 13:09:08 +02:00
pkcs15-asepcos.c spelling fixes 2020-08-30 10:35:14 +02:00
pkcs15-authentic.c authentic: Fix copy&paste error in log message 2021-01-06 14:15:06 +01:00
pkcs15-cardos.c replaced SC_TEST_RET with LOG_TEST_RET 2018-12-06 09:26:42 +01:00
pkcs15-cflex.c replaced SC_TEST_RET with LOG_TEST_RET 2018-12-06 09:26:42 +01:00
pkcs15-entersafe.c spelling fixes 2020-08-30 10:35:14 +02:00
pkcs15-epass2003.c Bug fixed (#1859) 2020-06-03 14:54:39 +02:00
pkcs15-gids.c replaced SC_TEST_RET with LOG_TEST_RET 2018-12-06 09:26:42 +01:00
pkcs15-gpk.c replaced SC_FUNC_RETURN with LOG_FUNC_RETURN 2018-12-06 09:26:42 +01:00
pkcs15-iasecc.c fix typos 2018-04-15 09:34:45 +02:00
pkcs15-incrypto34.c replace sc_debug with sc_log 2018-12-06 09:26:42 +01:00
pkcs15-init.h Implemented handling of CKA_ALWAYS_AUTHENTICATE attribute when importing and generating keys, mapping it to pkcs#15 userConsent field. Added command line options to pkcs11-tool and pkcs15-init tool to use the feature. 2018-12-05 12:10:42 +01:00
pkcs15-isoApplet.c IsoApplet: Fix uninitialized public key oid during key generation 2020-06-05 14:48:50 +02:00
pkcs15-jcop.c spelling fixes 2020-08-30 10:35:14 +02:00
pkcs15-lib.c Use fresh data from FCI instead of FCP for sc_pkcs15init_authenticate() 2021-01-22 18:59:22 +01:00
pkcs15-miocos.c replaced SC_TEST_RET with LOG_TEST_RET 2018-12-06 09:26:42 +01:00
pkcs15-muscle.c replace sc_debug with sc_log 2018-12-06 09:26:42 +01:00
pkcs15-myeid.c spelling fixes 2020-08-30 10:35:14 +02:00
pkcs15-oberthur-awp.c fixed 341853 Resource leak 2019-11-05 21:49:30 +01:00
pkcs15-oberthur.c Remove redundant logging 2018-12-18 13:50:08 +01:00
pkcs15-oberthur.h Use OpenSSL versions OpenSSL-0.9.7 to 1.1.0a for OpenSC 2016-10-08 06:15:06 -05:00
pkcs15-openpgp.c Use ecpointQ for better code readability 2019-10-09 15:02:36 +02:00
pkcs15-rtecp.c replaced SC_TEST_RET with LOG_TEST_RET 2018-12-06 09:26:42 +01:00
pkcs15-rutoken.c replace sc_debug with sc_log 2018-12-06 09:26:42 +01:00
pkcs15-sc-hsm.c sc-hsm: Use CHR in CSR based on device serial number 2019-06-21 15:08:14 +02:00
pkcs15-setcos.c spelling fixes 2020-08-30 10:35:14 +02:00
pkcs15-starcos.c replace sc_debug with sc_log 2018-12-06 09:26:42 +01:00
pkcs15-westcos.c openssl: Bump openssl requirement to 0.9.8 2018-09-14 08:21:40 +02:00
pkcs15.profile pkcs15init: externalize and change name of select_intrinsic_id() 2013-12-29 17:33:36 +01:00
profile.c Remove compiler warnings/errors 2020-06-22 10:47:02 +02:00
profile.h License clarification (#988) 2017-03-14 22:47:13 +01:00
rutoken.profile Rutoken S: add 'aid' to profile (for '-init --create-pkcs15 --so-pin 87654321 --so-puk -p rutoken+small') 2010-05-30 13:54:54 +00:00
rutoken_ecp.profile RuToken-ECP: profile option to allow the reset of User PIN with SoPIN 2011-06-02 19:06:43 +00:00
rutoken_lite.profile Rutoken Lite (#1728) 2019-07-22 13:05:32 +02:00
sc-hsm.profile sc-hsm: Bind PIN object to applet aid to ensure SELECT before PIN verification 2015-09-23 15:38:57 +02:00
setcos.profile fix typos 2018-04-15 09:34:45 +02:00
starcos.profile onepin option also needs PIN to CREATE 2018-10-08 21:35:23 +02:00
westcos.profile Updated westcos driver by François Leblanc 2009-12-03 07:10:24 +00:00

README


Very brief instructions

To init card:

Erase card and create pkcs15 dir
	./pkcs15-init -EC

Store a PIN on the card, using ID 01
	./pkcs15-init -P  --auth-id 01 --pin aaaa --puk bbbb --label "My PIN"

Generate a 512-bit RSA key and store it on the card, protected by the above PIN
	./pkcs15-init -G rsa/512 --auth-id 01

Or, store a pkcs12 key/certificate pair
	./pkcs15-init --auth-id 01 -f pkcs12 -S mycert.p12

	Note that the pkcs12 file must use just one password - if you
	use different passwords for integrity and confidentiality,
	OpenSC will fail to import the keys.