How to protect certificates on Cryptoflex

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

How to protect certificates on Cryptoflex

Holger Lange

Hi all,

I want to store a trusted certificate on a Cryptoflex 16k and write protect it with the user PIN.
Therefor I changed "protect_certificates" in  flex.profile to "yes" and adjusted the size of the DFs accordingly.
With a blank card I did:

pkcs15-init --create-pkcs15 --use-default-transport-keys
pkcs15-init --store-pin --auth-id 01
pkcs15-init --store-certificate mycert.pem --auth-id 01

All operations returned without an error. But the certificate file was created under DF 5015 and not DF 5015/4B01 and so the certificate is'nt protected.

Looking at the source it seems, that --auth-id is ignored with --store-certificate. Is there any way to protect certificates with pkcs15-init on Cryptoflex? Do I have to apply further changes to flex.profile?

Thank you for your help!

Best regards

Holger

!

Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach!    
Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131  

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user