Using OpenSC on Ubuntu 13.04 version 0.12.2-2ubuntu2 with Cryptoflex 32K
Attempting to store several key pairs and certificates. Not having any
success. Routinely end up with "Failed to store private key: File too
small" and "Failed to store private key: Not enough memory on card".
Card initialized using pkcs15-init -T --create-pkcs15 using only
--so-pin, --so-puk, and --label arguments (as well as variations on this
calling out an alternate profile).
One auth-id declared with pkcs15-init -T --store-pin.
Attempt several pkcs15-init --store-private-key operations. Run out of
memory after two. PKCS11 files crafted to have only key+certificate (no
CA certificates). Have tried the same with more than one declared auth-id.
A few questions:
There is no (obvious) specific profile for this card. I assume that
/usr/share/opensc/pkcs15.profile is used. Is this correct?
I have tried to copy and alter /usr/share/opensc/pkcs15.profile and
specify the altered profile as a -p argument to pkcs15-init
--create-pkcs15. Is this the correct method?
Which profile configuration item adjustments are pertinent to allow for
more than two key pairs and associated certificate to be loaded? I have
tried this with CA certificates included or excluded. Ideally, I'd like
to load the key pair plus certificate plus CA certificates using PKCS11
bundles in typical export form. In my case, more than two.
I'm having a rather difficult time understanding how to lay out the
profile. It seems I've not understood how to accommodate several key
pairs and/or certificates. Importation of a typical PKCS11 bundle
including two CA certificates works, but a second with 3 CA certs fails,
as does an attempt at three keys with a single certificate each.