Storing certificate on the smartcard


Storing certificate on the smartcard

Reginaldo Lira de Araújo
Hello everyone,

After some troubles and headaches, I have finally gotten a cryptoflex 32k
working under Linux, through a gemplus gempc430 reader. I am using
opensc-0.9.6, pcsc-lite-1.2.9-beta7 and drivers from the muscle
project. Well, my goal is to get it working with openca. I integrated
the smartcard with firefox and it is working pretty well: it generates
the key pair onboard, the certificate requisition, etc. My doubt is:
after the certificate is issued, how can I store it on the smartcard?
I did it using the opensc command: pkcs11-tool -w certificate.der
--id xxxx -y cert, but I need to know the id of the keys beforehand. I
mean, I want to know if there is a way of controlling this ID during the
requisition (a long and random-like one is generated) so that I
don't need to discover it using other commands, or maybe a way of storing
the certificate so that it's automatically related to the keys
generated. Is it possible?

Thanks in advance
opensc-user mailing list
[hidden email]

Re: Storing certificate on the smartcard

Andreas Jellinghaus-2
Hi Reginaldo,

opensc 0.9.6 isn't very good with storing certificates via pkcs11-tool.

But you can use pkcs15-tool to do that. You can even store a *.p12
(pkcs12) file with key and certificate (and ca certificates etc.)
in one go:

pkcs15-init --store file.p12 --format pkcs12 -a 01
(-a 01 if you have a sopin/pin mix. Ignore if you have initialized
your token with the "onepin" option).

I think there is some documentation on this in the QuickStart file,
not sure.

If you are interested in the subject:
we are about to release opensc 0.10.0 very soon, and we have
worked on improving many parts, and also have very new
documentation. The documentation is online at

I would love to get some feedback on it, because I guess there are
quite some holes I need to fill, so pointing out holes, unanswered
questions and stuff like that would help me a lot.

Regards, Andreas
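
The ID lookup described in the first message, as an added example (not part of either post and not OpenSC project code): it reads the output of `pkcs11-tool --login --list-objects`, picks the private key that has no certificate stored under the same ID, and prints the write command from the first post with that ID filled in. The listing layout, the sample IDs and the function names are constructed assumptions; compare them with what your OpenSC version prints.

```shell
#!/bin/sh
# Constructed sample of `pkcs11-tool --login --list-objects` output.
# Layout and IDs are assumptions made for this example.
sample_listing() {
cat <<'EOF'
Private Key Object; RSA
  label:      Private Key
  ID:         9f3c1a7be2
  Usage:      decrypt, sign
Public Key Object; RSA 1024 bits
  label:      Public Key
  ID:         9f3c1a7be2
  Usage:      encrypt, verify
Private Key Object; RSA
  label:      Old Key
  ID:         45
  Usage:      sign
Certificate Object; type = X.509 cert
  label:      Old Cert
  ID:         45
EOF
}

# Read a listing on stdin; print IDs of private keys with no certificate
# object stored under the same ID.
keys_without_cert() {
  awk '
    /^Private Key Object/ { kind = "key";  next }
    /^Certificate Object/ { kind = "cert"; next }
    /^[^ \t]/             { kind = "";     next }   # any other object header
    $1 == "ID:" && kind == "key"  { order[++n] = $2 }
    $1 == "ID:" && kind == "cert" { certs[$2] = 1 }
    END { for (i = 1; i <= n; i++) if (!(order[i] in certs)) print order[i] }
  '
}

# Read a listing on stdin; print the pkcs11-tool command that stores CERT_DER
# under the key's ID. Fails unless exactly one key is waiting for a certificate
# and its ID is plain hex, so a wrong or malformed ID is never written.
store_cert_command() {
  cert=$1
  ids=$(keys_without_cert)
  count=$(printf '%s\n' "$ids" | awk 'NF { c++ } END { print c + 0 }')
  [ "$count" -eq 1 ] || { echo "expected 1 key without a certificate, found $count" >&2; return 1; }
  case $ids in *[!0-9a-fA-F]*) echo "unexpected ID: $ids" >&2; return 1 ;; esac
  printf 'pkcs11-tool --login --write-object %s --type cert --id %s\n' "$cert" "$ids"
}
```

Against a real token, pipe the live listing in instead of the sample: `pkcs11-tool --login --list-objects | store_cert_command certificate.der`, then review the printed command before running it.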