root/releases/opensc-0.5.0/README.Cryptoflex

Revision 194, 3.2 KB (checked in by jey, 7 years ago)

- last minute changes before the new release

OpenSC supports the Cryptoflex cards beginning with version 0.5.0.

Cryptoflex specific features can be tested with cryptoflex-tool.
Due to the publicly available datasheets, cryptoflex-tool also includes
a PKCS #15 structure generator. At the moment all the encoded information
is hardcoded in the source file, but editing the structures should
be pretty straightforward.

Here are the steps to PKCS #15 structure generation:

WARNING: You should be using a very safe terminal when issuing the
         following commands.

0.  If you don't have a Cryptoflex 16k, you will have to add the ATR of
    your card manually to the flex_atrs structure at the top of card-flex.c.
    The ATR can be found with 'opensc-tool -a' command.  You should mail
    the ATR string to <juha.yrjola@iki.fi>, so it can be added in the
    official distribution.

1.  Verify the AAK key and CHV2:

$ opensc-explorer
OpenSC Explorer version 0.5.0
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
Using card driver: Schlumberger Multiflex/Cryptoflex
OpenSC [3F00]> ver KEY1 01:02:03:04:05:06:07:08         # replace these
Code correct.
OpenSC [3F00]> ver CHV2 31:32:33:34:00:00:00:00         # with your own values
Code correct.

2.  Create the CHV2 file, if not present:

$ cryptoflex-tool -P 2
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
Using card driver: Schlumberger Multiflex/Cryptoflex
Please enter CHV2: 1234
Please enter PUK for CHV2: 12345678

3.  Create the PKCS #15 structure

$ cryptoflex-tool -C
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
Using card driver: Schlumberger Multiflex/Cryptoflex
Please enter CHV1 (key 1): 1234
Please enter PUK for CHV1 (key 1): 12345678
Please enter CHV1 (key 2): 5678
Please enter PUK for CHV1 (key 2): 12345678

4.  Generate two 1024-bit RSA key pairs with openssl:

$ openssl genrsa -out key1.pem 1024
Generating RSA private key, 1024 bit long modulus
...........++++++
...++++++
e is 65537 (0x10001)
$ openssl genrsa -out key2.pem 1024
Generating RSA private key, 1024 bit long modulus
.....................++++++
....++++++
e is 65537 (0x10001)

5.  Create the files to hold the keys on the card:

$ cryptoflex-tool -a 5015 -c 1
$ cryptoflex-tool -a 4b02 -c 1

6.  Store the key pairs on the card:

$ cryptoflex-tool -a 5015 -p key1.pem -s -v  # (enter CHV1 for key 1)
$ cryptoflex-tool -a 4b02 -p key2.pem -s -v  # (enter CHV1 for key 2)

6a. Check if the keys are working:

$ pkcs15-crypt -i <plaintext-file> -o <signed-data> -s --pkcs1
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
Trying to find a PKCS#15 compatible card...
Found OpenSC Test Card!
Enter PIN [Authentication PIN]:
PIN code correct.

7.  Create two certificates with openssl. Name them cert1.crt and cert2.crt.
    This process is not in the scope of this document.

8.  Store the DER-encoded certificates on the card (this process will be
    automated in the future):

$ opensc-explorer
OpenSC Explorer version 0.5.0
Connecting to card in reader Towitoko Chipdrive Micro 0 0...
Using card driver: Schlumberger Multiflex/Cryptoflex
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> create 4301 <size of cert1.crt>
OpenSC [3F00/5015]> create 4302 <size of cert2.crt>
OpenSC [3F00/5015]> put 4301 cert1.crt
OpenSC [3F00/5015]> put 4302 cert2.crt

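Step 8 needs the exact byte size of each DER-encoded certificate. The script below is an added example, not part of the OpenSC README: it checks that a file is one complete DER SEQUENCE (not PEM, not truncated) and prints its size. The function names and the script name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: check a certificate file before step 8 and print the size
# to use for <size of certN.crt>. Fails if the file is not one complete
# DER-encoded SEQUENCE (for instance, if it is still PEM).

# der_total_len FILE: total length (header + content) declared by the
# outer DER SEQUENCE, parsed from the first bytes of FILE.
der_total_len() {
    # Tag, first length byte, and up to 4 length octets, as decimal values.
    set -- $(od -An -tu1 -N6 "$1")
    [ "$#" -ge 2 ] || return 1
    [ "$1" -eq 48 ] || return 1            # 0x30 = SEQUENCE
    first=$2
    if [ "$first" -lt 128 ]; then          # short form: one length byte
        echo $((2 + first)); return 0
    fi
    n=$((first - 128))                     # long form: n length octets follow
    { [ "$n" -ge 1 ] && [ "$n" -le 4 ] && [ "$#" -ge $((2 + n)) ]; } || return 1
    shift 2
    len=0
    while [ "$n" -gt 0 ]; do
        len=$((len * 256 + $1)); shift; n=$((n - 1))
    done
    echo $((2 + (first - 128) + len))
}

# cert_size FILE: print the file size if it matches the DER-declared length.
cert_size() {
    actual=$(wc -c < "$1") || return 1
    actual=$((actual + 0))                 # strips padding some wc versions add
    declared=$(der_total_len "$1") || {
        echo "$1: not DER; convert with 'openssl x509 -outform DER'" >&2
        return 1
    }
    [ "$declared" -eq "$actual" ] || {
        echo "$1: DER header says $declared bytes, file has $actual" >&2
        return 1
    }
    echo "$actual"
}

# Usage: sh check-cert.sh cert1.crt cert2.crt   (script name is hypothetical)
for f in "$@"; do
    size=$(cert_size "$f") || exit 1
    echo "$f: $size bytes"
done
```

The printed value is a decimal byte count; a file that fails the check would otherwise be written to the card as-is by `put`.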