Re: [opensc-user] Cryptoflex problems

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [opensc-user] Cryptoflex problems

Stef Hoeben-2
Hi Jan,

Jan Schermer wrote:

>Hi,
>I initialize the card like this:
>
>pkcs15-init -ET
>pkcs15-init -CT
>pkcs15-init -T -P -a 01 --label Zviratko1
>pkcs15-init -T -S file.p12 -a 01 -f PKCS12
>
>and then I tried both:
>a) pkcs15-init -T -P -a 02 --label Zviratko2
>    pkcs15-init -T -S file2.p12 -a 02 -f PKCS12
>
>and
>b) pkcs15-init -T -S file2.p12 -a 01 -f PKCS12
>  
>
Same with me when storing (my first) big p12 file.

But it's solved by changing the PKCS15 DF size in flex.profile:

    DF PKCS15-AppDF {
        ACL        = *=$SOPIN, FILES=NONE, DELETE=NONE;
        size    = 20000;

However, after this you should erase (-E) your card and start again
because the size of the PKCS15 DF is fixed during it's creation in
"pkcs15-init -CT".

Hope that helps. If not, try to temporary remove flex.profile, just
to make sure you are using the correct one.

Cheers,
Stef

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: [opensc-user] Cryptoflex problems

Stef Hoeben-2
Hi,

20000 bytes should be enough for more certs; or otherwise set the size
to 30000.

To check, you could try again opensc-explorer, then cd 5015, info, ls.

The sizes you see there should add up to about 20000.

For example:

OpenSC [3F00/5015]> info

Dedicated File  ID 5015

File path:     3F00/5015
File size:     11388 bytes
ACL for SELECT:          N/A
ACL for LOCK:            N/A
ACL for DELETE:          NONE
ACL for CREATE:          CHV2
ACL for REHABILITATE:    N/A
ACL for INVALIDATE:      N/A
ACL for LIST FILES:      NONE

OpenSC [3F00/5015]> ls
FileID  Type  Size
 0100    wEF    23
 4401    wEF   256
 5031    wEF   256
 5032    wEF    65
 4946    wEF   128
[4B01]    DF     0
 4402    wEF   256
 4545    wEF  1611
 4404    wEF   512
 4546    wEF  1970
 4547    wEF  1945

So we get: 11388 (is the free space) + 23 + 256 + 256 + 65 + 128 + ... +
1945 = about 20000

If it doesn't add up, there's something strange going on...
(perhaps "pkcs15-init -E" didn't work like you had before -- we should
add a warning here...)

Cheers,
Stef

Jan Schermer wrote:

>I tried this, worked for one (or maybe two, I don't have the card handy)
>
>certs. But no more.
>So should I give up on trying to fit more certs on the card?
>
>Jan
>
>Stef Hoeben wrote:
>
>  
>
>>Hi Jan,
>>
>>Jan Schermer wrote:
>>
>>    
>>
>>>Hi,
>>>I initialize the card like this:
>>>
>>>pkcs15-init -ET
>>>pkcs15-init -CT
>>>pkcs15-init -T -P -a 01 --label Zviratko1
>>>pkcs15-init -T -S file.p12 -a 01 -f PKCS12
>>>
>>>and then I tried both:
>>>a) pkcs15-init -T -P -a 02 --label Zviratko2
>>>   pkcs15-init -T -S file2.p12 -a 02 -f PKCS12
>>>
>>>and
>>>b) pkcs15-init -T -S file2.p12 -a 01 -f PKCS12
>>>
>>>
>>>      
>>>
>>Same with me when storing (my first) big p12 file.
>>
>>But it's solved by changing the PKCS15 DF size in flex.profile:
>>
>>   DF PKCS15-AppDF {
>>       ACL        = *=$SOPIN, FILES=NONE, DELETE=NONE;
>>       size    = 20000;
>>
>>However, after this you should erase (-E) your card and start again
>>because the size of the PKCS15 DF is fixed during it's creation in
>>"pkcs15-init -CT".
>>
>>Hope that helps. If not, try to temporary remove flex.profile, just
>>to make sure you are using the correct one.
>>
>>Cheers,
>>Stef
>>
>>    
>>
>
>  
>

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel