62 lines
2.5 KiB
Groff
62 lines
2.5 KiB
Groff
.PU
|
|
.TH pkcs15 7 "" "" OpenSC
|
|
.SH NAME
|
|
pkcs15 \- standard for storing information on smart cards
|
|
.SH DESCRIPTION
|
|
The PKCS #15 standard is available from
|
|
.BR http://www.rsasecurity.com/rsalabs/pkcs .
|
|
This document does not try to cover PKCS #15 in detail; it
|
|
just tries to give readers not familiar with the standard a
|
|
brief overview.
|
|
.PP
|
|
PKCS #15 defines a standard how to store keys, certificates
|
|
and possibly other data on a smart card, and how to describe
|
|
certain meta information (such as what PIN the user needs to
|
|
present before he's allowed to use a certain private key).
|
|
.PP
|
|
A PKCS #15 compliant smart card can contain one or more
|
|
applications. There is one ``meta directory'' that contains
|
|
a list of all applications. On cards that support an ISO 7816
|
|
compatible file system, each application usually resides in
|
|
a directory of its own.
|
|
.PP
|
|
Within each application directory,
|
|
PKCS #15 defines a structure of meta files (also
|
|
called Directory Files) that contain information on objects
|
|
stored on the card. For instance, there is a private key
|
|
directory file (or PrKDF for short) that contains a list of
|
|
private keys stored on the card. Likewise, there's a
|
|
public key directory file (PuKDF) and a certificate directory
|
|
file (CDF).
|
|
.PP
|
|
One fairly important PKCS #15 directory file is the AODF, or
|
|
authorization object directory file, which describes
|
|
the PINs held by the card. Note the AODF does not contain
|
|
the PINs themselves; this is something that is highly
|
|
card specific. What the AODF does contain however is
|
|
a descriptive label for each PIN, and additional information
|
|
required to authenticate against this PIN (sorry if this
|
|
is very vague, but unless you really want to know, we'll
|
|
better leave it at that, for the sake of your and my sanity :-).
|
|
.PP
|
|
Each object stored in a PKCS #15 structure has an ID
|
|
assigned to it, so that related objects can reference
|
|
one another. For instance, if a private key is protected
|
|
by a PIN, the PrKDF entry for this key will contain
|
|
an Authentication ID field that points to the AODF entry
|
|
for this PIN.
|
|
.PP
|
|
Similarly, if the card contains a certificate corresponding
|
|
to a private key stored on this card, the CDF entry for the
|
|
certificate will have the same ID as the PrKDF entry for
|
|
the private key. The same is true of public key objects.
|
|
.SH BUGS
|
|
This manual page is a little terse.
|
|
.PP
|
|
The use of the term Directory File in PKCS #15 is somewhat
|
|
unfortunate. Normally, a PKCS #15 DF is just a plain
|
|
(elementary) file, not a directory file in the sense of
|
|
ISO 7816.
|
|
.SH AUTHORS
|
|
This manual page was written by Olaf Kirch <okir@lst.de>.
|