Function sc_pkcs15init_update_file(): we will try to select the file; if the
file cannot be selected, the file is created and the select operation is
repeated. In both cases, the "selected_file" variable contains the current
FCI of the selected file.
Then the sc_pkcs15init_authenticate() function is called, not with the
"selected_file" variable but with the "file" variable, where the FCP data is
present (from the file creation operation).
Difference between FCP and FCI (pkcs15-init -C / MyEID card).
62 17 80 02 00 FF 82 01 01 83 02 50 31 86 03 01 3F FF 85 02 00 00 8A 01 00
6F 17 80 02 00 FF 82 01 01 83 02 50 31 86 03 01 3F FF 85 02 00 00 8A 01 01
Here it is clear that the data from the FCP are outdated. The card changed the
TAG 0x8a from 0 to 1 ("no information given", "creation state"). We need to
respect the authority of the card; the FCI is to be used in the following code,
not the FCP.
modified: src/pkcs15init/pkcs15-lib.c
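
Added example (not part of the commit and not OpenSC code): a small C program that walks the two templates quoted in the commit message and reports which data object differs between the FCP and the FCI. The names tlv_next, lcs_byte and diff_templates are hypothetical, and the parser assumes one-byte tags and short-form lengths, which is all these two dumps use.

```c
#include <stdio.h>
#include <string.h>

/* Bytes copied from the two dumps in the commit message above. */
static const unsigned char fcp[] = {   /* FCP from the file creation operation */
    0x62,0x17,0x80,0x02,0x00,0xFF,0x82,0x01,0x01,0x83,0x02,0x50,0x31,
    0x86,0x03,0x01,0x3F,0xFF,0x85,0x02,0x00,0x00,0x8A,0x01,0x00 };
static const unsigned char fci[] = {   /* FCI of the selected file */
    0x6F,0x17,0x80,0x02,0x00,0xFF,0x82,0x01,0x01,0x83,0x02,0x50,0x31,
    0x86,0x03,0x01,0x3F,0xFF,0x85,0x02,0x00,0x00,0x8A,0x01,0x01 };

/* Step to the next data object inside a 0x62/0x6F template. Returns 1 and
 * advances *off, or 0 at the end of the template or on malformed input. */
static int tlv_next(const unsigned char *t, size_t n, size_t *off,
                    unsigned char *tag, const unsigned char **val, size_t *len) {
    if (n < 2 || (t[0] != 0x62 && t[0] != 0x6F) || t[1] > 0x7F || t[1] + 2u > n)
        return 0;                      /* wrong template tag, long form, or truncated */
    size_t end = t[1] + 2u, o = *off < 2 ? 2 : *off;
    if (o + 2 > end || (t[o] & 0x1F) == 0x1F || t[o + 1] > 0x7F
        || o + 2 + t[o + 1] > end)
        return 0;                      /* end reached, or object overruns the template */
    *tag = t[o]; *len = t[o + 1]; *val = t + o + 2; *off = o + 2 + *len;
    return 1;
}

/* Life cycle status byte (tag 0x8A) of a template, or -1 if absent/malformed. */
int lcs_byte(const unsigned char *t, size_t n) {
    size_t off = 0, len; unsigned char tag; const unsigned char *val;
    while (tlv_next(t, n, &off, &tag, &val, &len))
        if (tag == 0x8A && len == 1) return val[0];
    return -1;
}

/* Count objects that differ between a and b (same order assumed); first mismatch tag in *first. */
int diff_templates(const unsigned char *a, size_t an,
                   const unsigned char *b, size_t bn, unsigned char *first) {
    size_t oa = 0, ob = 0, la, lb; int count = 0;
    unsigned char ta, tb; const unsigned char *va, *vb;
    while (tlv_next(a, an, &oa, &ta, &va, &la) && tlv_next(b, bn, &ob, &tb, &vb, &lb))
        if ((ta != tb || la != lb || memcmp(va, vb, la) != 0) && count++ == 0)
            *first = ta;
    return count;
}

int main(void) {
    unsigned char tag = 0;
    int n = diff_templates(fcp, sizeof fcp, fci, sizeof fci, &tag);
    printf("%d object(s) differ, first tag 0x%02X: FCP=%d FCI=%d\n", n, tag,
           lcs_byte(fcp, sizeof fcp), lcs_byte(fci, sizeof fci));
    return 0;
}
```
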

Very brief instructions

To init card:

Erase card and create pkcs15 dir

    ./pkcs15-init -EC

Store a PIN on the card, using ID 01

    ./pkcs15-init -P --auth-id 01 --pin aaaa --puk bbbb --label "My PIN"

Generate a 512 bit RSA key and store on card, protected by the above PIN

    ./pkcs15-init -G rsa/512 --auth-id 01

Or, store a pkcs12 key/certificate pair

    ./pkcs15-init --auth-id 01 -f pkcs12 -S mycert.p12

Note that the pkcs12 file must use just one password - if you
use different passwords for integrity and confidentiality,
OpenSC will fail to import the keys.