On 15.02.2011 12:40, NdK wrote:
> On 15/02/2011 11:17, Toni Sjoblom - Aventra wrote:
>> Hi,
> Woa. *That's* customer support!
>
>> Current MyEID cards are 80K, but some of this space is used by the MyEID
>> applet itself.
> Ok. I'm starting to understand.
>
>> The file size you see in the 3F00 file is the remaining free space, but due
>> to a limitation of java cards in general, as Martin mentioned, 32k is the
>> largest number for signed short.
> So I misunderstood. I thought a DF had to be big enough to contain all
> its sub-DFs and EFs. Good to know I was wrong (I was already thinking
> about adding another java app for using the remaining space).
>
>> This only shows that you have at least this amount of space left. To get to
>> know how much space you actually have left, you could create a file that is
>> 32k, and then see how much space is left. Then if you still get the maximum
>> (32k), then create another 32k file and then see the results. By
>> adding these values together you get the actual space.
> Perfect. Too bad I haven't my cards handy atm, but I'll try ASAP.
>
>>>> But I'm still missing some useful details (like typical keysize, how
>>>> much space does a key need in index files & so on)...
>>> Looking at that index file might help? Also, every applet will take some
>>> memory for internal bookkeeping, so it is not simply 1:1.
>> A single key (private or public) needs typically 70-90 bytes in the dir file
>> (index file). The actual amount depends on the label length.
>> One 1024bit RSA key pair takes 512bytes and one 2048bit key pair takes
>> 960bytes.
> Ok. So, 'limiting' to 32 keys (due to said limit in pkcs15-tool), I
> could have:
> cdf_size = 8640 # 3 * 32 * 90 (an average of 3 keys in every cert)

You mean 3 certs for each key?
I think that it's difficult to generalize this relation, the contexts of the card usage are so different.

Of course the last word is for Toni, but, imho, the actual default value of 'cdf-size' is really too low.
As for me it should be around one-two times larger than prkdf-size.
I do not have justification for this relation, only very vague considerations:
2-3 certs per key, private key DF record is larger than the certificate's one.

> prkdf_size = 2880 # 32 * 90
> pukdf_size = 2880 # idem... but why is default smaller than prkdf_size?

Generally there is no PubKey object corresponding to the imported keys.
An imported private key is immediately accompanied by the corresponding certificate
or has sufficiently explicit attributes (ID) that allow linking it with the future certificate.

> Storing only 2048-bit keys for 32 different certificates from different
> CAs (so w/ a different intermediate CA in every cert, that gives me the
> '3 keys' for cdf_size line) I should end up using about 45k + the certs
> ... This way I won't be able to add keys or certs only when I reach
> limits of pkcs15-tool or capacity, right?
> If so, could those values be included as defaults (maybe for a 'max'
> profile) in myeid.profile ? ...
> PS: seems MyEID can't generate <1024bit keypairs... Is it right? From
> specs I understood it could work from 512 to 2048...

It can generate 1024bit keys.

> Tks & BYtE!

Kind wishes,
Viktor.

> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>

--
Viktor Tarasov <viktor.tara...@opentrust.com>
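The free-space measurement Toni describes above (create 32k files until the reported value drops below the maximum, then add the values together), as an added Python simulation that is not part of the original thread or of OpenSC. `SimulatedCard` and its methods are hypothetical, the cap is assumed to be 32767, and the per-file bookkeeping overhead of a real card is ignored.

```python
# Simulation only: SimulatedCard is a hypothetical stand-in, not an OpenSC or MyEID API.
SHORT_MAX = 0x7FFF  # largest value a Java Card signed short can hold (32767)


class SimulatedCard:
    """Models a card whose free-space report saturates at SHORT_MAX."""

    def __init__(self, free_bytes):
        self._free = free_bytes
        self._files = []

    def reported_free(self):
        # What the size field of 3F00 would show: never more than SHORT_MAX.
        return min(self._free, SHORT_MAX)

    def create_file(self, size):
        if size > self._free:
            raise MemoryError("not enough space on card")
        self._free -= size
        self._files.append(size)
        return len(self._files) - 1

    def delete_file(self, handle):
        self._free += self._files[handle]
        self._files[handle] = 0


def probe_free_space(card):
    """Create 32k files while the report is saturated, then sum all values."""
    handles, total = [], 0
    try:
        # A saturated report only says "at least SHORT_MAX bytes are free".
        while card.reported_free() >= SHORT_MAX:
            handles.append(card.create_file(SHORT_MAX))
            total += SHORT_MAX
        total += card.reported_free()  # last report is below the cap, so exact
    finally:
        for h in handles:  # release the filler files so the card is unchanged
            card.delete_file(h)
    return total
```

On a real card each created file also consumes some bookkeeping space, so the measured total is a slight underestimate of raw free memory.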