After some troubles and headaches, I finally have gotten a cryptoflex 32k
working under linux, through a gemplus gempc430 reader. I am using
opensc-0.9.6, pcsc-lite-1.2.9-beta7 and drivers from the muscle
project. Well, my goal is to get it working with openca. I integrated
the smartcard with firefox and it is working pretty well, it generates
the key pair onboard, the certificate requisition, etc. My doubt is:
after the certificate has been issued, how can I store it on the
smartcard? I did it, using the opensc command:

pkcs11-tool -w certificate.der --id xxxx -y cert

but I need to know the id of the keys beforehand. I mean, I want to know
if there is a way of controlling this ID during the requisition (a long
and random-like one is generated) so that I don't need to discover it
using other commands, or maybe a way of storing the certificate in a way
that it's automatically related with the keys generated. Is it possible?

opensc 0.9.6 isn't very good with storing certificates via pkcs11-tool.
but you can use pkcs15-tool to do that. you can even store a *.p12
(pkcs12) file with key and certificate (and ca certificates etc.)
in one go:

pkcs15-init --store file.p12 --format pkcs12 -a 01

(-a 01 if you have a sopin/pin mix. ignore if you have initialized
your token with the "onepin" option).
I think there is some documentation on this in the QuickStart file,
if you are interested in the subject:
we are about to release opensc 0.10.0 very soon, and we have
worked on improving many parts, and also have very new
documentation. the documentation is online at
I would love to get some feedback on it, because I guess there are
quite some holes I need to fill, so pointing out holes, unanswered
questions and stuff like that would help me a lot.