> Hi, do:
> # pkcs15-tool --bind-to-aid E828BD080FD25047656E65726963 -k -c -C
> to see if there are some data objects related to CSP/minidriver.

Here is the command you requested :

> pkcs15-tool --bind-to-aid E828BD080FD25047656E65726963 -k -c -C -v
> Using reader with a card: SpringCard CSB6 Family Contact 0
> Connecting to card in reader SpringCard CSB6 Family Contact 0...
> Using card driver IAS-ECC.
> Trying to find a PKCS#15 compatible card...
> Found ECC eID!
> Card has 1 certificate(s).
> X.509 Certificate [Nicolas DUHAMEL's ID]
> Flags : 2
> Authority: no
> Path : E828BD080FD25047656E65726963::b001
> ID : 24804BC5CE68B229A3D812C1FE871DECEC134468
> Access Rules: read:<always>; update:C1; delete:C1;
> Encoded serial: 02 0A 18B6545600010000004E
> Reading data object <0>
> applicationName: CSP
> Label: 60842574-bef2-4d6f-9360-f843948078c9
> applicationOID: NONE
> Path: E828BD080FD25047656E65726963::b101
> Auth ID:
> Data Object (25 bytes): < 01 14 24 80 4B C5 CE 68 B2 29 A3 D8 12 C1 FE 87
> 1D EC
> EC 13 44 68 02 01 01 >
> Reading data object <1>
> applicationName: CSP
> Label: Default Key Container
> applicationOID: NONE
> Path: E828BD080FD25047656E65726963::b102
> Auth ID:
> Data Object (36 bytes): < 36 30 38 34 32 35 37 34 2D 62 65 66 32 2D 34 64
> 36 66
> 2D 39 33 36 30 2D 66 38 34 33 39 34 38 30 37 38 63 39 >
> Card has 2 private key(s).
> Private RSA Key [Nicolas DUHAMEL's ID]
> Com. Flags : 3
> Usage : [0x26], decrypt, sign, unwrap
> Access Flags: [0x15], sensitive, alwaysSensitive, local
> Access Rules: update:C1; execute,pso_decrypt,int_auth:C1;
> Supported algorithms: 6, 5
> ModLength : 1024
> Key ref : 137
> Native : yes
> Path : E828BD080FD25047656E65726963::
> Auth ID : C1
> ID : 625299F4A603903CBD76D53190C49A22C13FE02F
> Subject :
> 306B31133011060A0992268993F22C6401191603636F6D31173015060A
> 099226...
> Private RSA Key [Nicolas DUHAMEL's ID]
> Com. Flags : 3
> Usage : [0x26], decrypt, sign, unwrap
> Access Flags: [0x15], sensitive, alwaysSensitive, local
> Access Rules: update:C1; execute,pso_decrypt,int_auth:C1;
> Supported algorithms: 6, 5
> ModLength : 1024
> Key ref : 138
> Native : yes
> Path : E828BD080FD25047656E65726963::
> Auth ID : C1
> ID : 24804BC5CE68B229A3D812C1FE871DECEC134468
> Subject :
> 306B31133011060A0992268993F22C6401191603636F6D31173015060A
> 099226...

The keys were imported or generated? What middleware have you used?

I used Gemalto Classic Card CSP, which is given by ANTS Middleware. For the keys, I don't know how it works when you request a certificate through certsrv. It may have been generated, that's why time of personalization is quite long ?

> Gemalto M/W do not implement 'write' access to the protected applications.
> All write/updates with this M/W concerns the 'generic' application.

I'm glad to see that anywhere certificates are stored (eId application or generic application), the certificates are seen by ANTS tools, ok about your note I do not quite follow, what for 'used twice' ?

> If you really need to make 'manual' decentralized enrollment with the OpenSC
> tools you need:
> - generate key (pkcs15-init -G);
> - sign generated public key and create certificate request (pkcs15-tool
> --sign);
> - ask some CA to sign a new certificate;
> - import new certificate into the card (pkcs15-init -X).
>

I think I am a little bit confused about storing certificates inside smart card ! I thought I had to store 1 certificate and 2 keys to get the same data as in the dump below.

Thanks for helping :
- generate key inside card in order to sign certificate requests
- import certificate returned and signed by CA in the card (and sign it with the card's key?)

thanks again

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
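
Added example (not part of the original messages and not OpenSC code): a small Python cross-check over the values in the listing above, showing which private key shares its ID with the certificate and what the two CSP data objects hold. The dictionary layout and function names are assumptions made for this sketch; the hex values are transcribed from the thread.

```python
# Added example: all values below are transcribed from the pkcs15-tool listing in this thread.
CERTS = {"b001": "24804BC5CE68B229A3D812C1FE871DECEC134468"}   # path suffix -> ID
KEYS = {137: "625299F4A603903CBD76D53190C49A22C13FE02F",        # key ref -> ID
        138: "24804BC5CE68B229A3D812C1FE871DECEC134468"}
DATA_OBJECTS = {   # path suffix -> (label, hex dump as printed)
    "b101": ("60842574-bef2-4d6f-9360-f843948078c9",
             "01 14 24 80 4B C5 CE 68 B2 29 A3 D8 12 C1 FE 87 1D EC "
             "EC 13 44 68 02 01 01"),
    "b102": ("Default Key Container",
             "36 30 38 34 32 35 37 34 2D 62 65 66 32 2D 34 64 36 66 "
             "2D 39 33 36 30 2D 66 38 34 33 39 34 38 30 37 38 63 39"),
}


def pair_keys(certs, keys):
    """Split key refs into those whose ID equals a certificate ID and those that do not."""
    cert_ids = {i.upper() for i in certs.values()}
    paired = sorted(ref for ref, kid in keys.items() if kid.upper() in cert_ids)
    unpaired = sorted(ref for ref in keys if ref not in paired)
    return paired, unpaired


def inspect_object(hexdump, known_ids):
    """Return (ASCII text or None, known object IDs found inside the raw bytes)."""
    raw = bytes.fromhex(hexdump)  # fromhex() skips the spaces between byte pairs
    text = raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None
    embedded = sorted(i for i in set(known_ids) if bytes.fromhex(i) in raw)
    return text, embedded


def report():
    """Build one summary line per finding for the listing above."""
    paired, unpaired = pair_keys(CERTS, KEYS)
    lines = [f"keys with a certificate: {paired}", f"keys without one: {unpaired}"]
    ids = list(CERTS.values()) + list(KEYS.values())
    for path, (label, dump) in DATA_OBJECTS.items():
        text, embedded = inspect_object(dump, ids)
        lines.append(f"{path} [{label}] ascii={text!r} ids={embedded}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

On this listing it pairs key ref 138 with the certificate and leaves key ref 137 without one. Object b101 embeds the certificate's ID, and object b102 is the ASCII form of b101's label.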