Hi,

On Mon, Dec 03, 2012 at 11:20:14AM +0100, Viktor Tarasov wrote:
> In OpenSC the '0C' value for P2 is used when there is no need to return FCI
> data in 'SELECT' command:

Aha. Thanks. I was wondering where the additional key containers are stored on the card and thought that maybe P2 = 0C would select the key container that's inaccessible with OpenSC.

I was guessing in the wrong direction: It turns out that the key containers are all concatenated into the same file. There's a file at address 3f0016000004 (filename "GemSAFE") which begins with 2 bytes for the length of the file (0x0a36 in this case) followed by a table which looks like this on my card:

01 f0 00 03 03 b0 00 03
01 f0 00 04 03 b0 00 04
01 fe 14 00 05 03 b0 00 05 <= private key ref of third key container
01 fe 14 01 06 03 b0 00 06 <= private key ref of fourth key container
01 f0 00 07 03 b0 00 07
01 f0 00 08 03 b0 00 08
01 f0 00 09 03 b0 00 09
01 f0 00 0a 03 b0 00 0a
01 f0 00 0b 03 b0 00 0b
01 f0 00 0c 03 b0 00 0c

This table is followed by some garbage, then followed by the two certificates.

What pkcs15-gemsafeV1.c:gemsafe_get_cert_len() currently does is look for the first private key in the table (recognizable by 0xfe), then look for the first certificate (starts with 0x3082 further down in the file) and be done with it. The other certificate which follows right behind in the same file is ignored.

I'm using the master branch, i.e. 0.13.0rc1. I don't have any documentation by Gemalto, only the ISO 7816 standard on cardwerk.com (which seems to be outdated).

Kind regards,

Lukas
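Added illustration, not OpenSC code and not part of the mail above: a bounded scan that records every blob starting with 30 82 inside the file instead of stopping at the first one, which is the gap described for gemsafe_get_cert_len(). The names find_certs and cert_span and the sample bytes are constructed here; the 2-byte length prefix is assumed to be big-endian and to count from offset 0, since no Gemalto documentation is available.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct cert_span { size_t off, len; };

/* Constructed sample, not a real card dump: 2-byte length (0x001d), one
 * in-use table entry copied from the mail, 3 filler bytes, 2 dummy blobs. */
static const uint8_t sample[] = {
    0x00, 0x1d,
    0x01, 0xfe, 0x14, 0x00, 0x05, 0x03, 0xb0, 0x00, 0x05,
    0xff, 0x30, 0xff,
    0x30, 0x82, 0x00, 0x04, 0xaa, 0xbb, 0xcc, 0xdd,
    0x30, 0x82, 0x00, 0x03, 0x11, 0x22, 0x33,
};

/* Record every 30 82 hh ll blob that fits inside the file, not just the first.
 * Assumptions: the length prefix is big-endian and counts from offset 0. */
static size_t find_certs(const uint8_t *buf, size_t buflen, size_t start,
                         struct cert_span *out, size_t max)
{
    size_t n = 0, i, end;

    if (buflen < 2)
        return 0;
    end = ((size_t)buf[0] << 8) | buf[1];
    if (end > buflen)               /* card data is untrusted: clamp */
        end = buflen;
    i = start < 2 ? 2 : start;
    while (n < max && end >= 4 && i <= end - 4) {
        size_t total = 4 + (((size_t)buf[i + 2] << 8) | buf[i + 3]);
        if (buf[i] != 0x30 || buf[i + 1] != 0x82 || total > end - i) {
            i++;                    /* filler, false match or truncated blob */
            continue;
        }
        out[n].off = i;
        out[n++].len = total;
        i += total;                 /* resume right behind this certificate */
    }
    return n;
}

int main(void)
{
    struct cert_span c[4];
    size_t i, n = find_certs(sample, sizeof sample, 2, c, 4);
    for (i = 0; i < n; i++)
        printf("cert %zu: offset %zu, %zu bytes\n", i, c[i].off, c[i].len);
    return 0;
}
```

A blob whose declared length runs past the end of the file is skipped rather than reported, so a short read from the card cannot cause an over-read when the certificate is later copied out.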
