Il 15/02/2011 11:17, Toni Sjoblom - Aventra ha scritto: > Hi, Woa. *That's* customer support!
> Current MyEID cards are 80K, but some of this space is used by the MyEID > applet itself. Ok. I'm starting to understand. > The file size you see in the 3F00 file is the remaining free space, but due > to a limitation of java cards in general, as Martin mentioned, 32k is the > largest number for signed short. So I misunderstood. I thought a DF had to be big enough to contain all its sub-DFs and EFs. Good to know I was wrong (I was already thinking about adding another java app for using the remaining space). > This only shows that you have at least this amount o space left. To get to > know how much space you actually have left, you could create a file that is > 32k, and the see how much space is left. Then if you still get the maximum > (32k), then create another 32k file and then see the results. By > adding these values together you get the actual space. Perfect. Too bad I haven't my cards handy atm, but I'll try ASAP. >>> But I'm still missing some useful details (like typical keysize, how >>> much space does a key need in index files & so on)... >> Looking at that index file might help? Also, every applet will take some >> memory for internal bookkeeping, so it is not simply 1:1. > A single key (private or public) needs typically 70-90 bytes in the dir file > (index file). The actual amount depends on the label length. > One 1024bit RSA key pair takes 512bytes and one 2048bit key pair takes > 960bytes. Ok. So, 'limiting' to 32 keys (due to said limit in pkcs15-tool), I could have: cdf_size = 8640 # 3 * 32 * 90 (an average of 3 keys in every cert) prkdf_size = 2880 # 32 * 90 pukdf_size = 2880 # idem... but why is default smaller than prkdf_size? Storing only 2048-bit keys for 32 different certificates from different CAs (so w/ a different intermediate CA in every cert, that gives me the '3 keys' for cdf_size line) I should end up using about 45k + the certs ... This way I won't be able to add keys or certs only when I reach limits of pkcs15-tool or capacity, right? If so, could those values be included as defaults (maybe for a 'max' profile) in myeid.profile ? PS: seems MyEID can't generate <1024bit keypairs... Is it right? From specs I understood it could work from 512 to 2048... Tks & BYtE! _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
