cryptoflex e-gate problems (again)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

cryptoflex e-gate problems (again)

Susana Nunes
Hi!

I'm testing again a cryptoflex card in linux but I continue to have some
problems.

I followed the manuals and compiled the latest releases of openct and opensc,
and I used kernel 2.6.11.

The card I'm using already has a certificate and a pin associated, the purpose
is only to use it in firefox or other application.

My questions are: Why do I have to initialize the card? If I do this won't the
card's certificate be erased?

Sorry but I'm new at this stuff and getting confused...

--
Susana Nunes
Technical Consultant
______________________________________________

Linux Caixa Mágica Software
A distribuição de Linux Portuguesa!
______________________________________________

Av. das Forças Armadas,
125 - 4º A Edificio Open,
1600-079, Lisboa, PORTUGAL
Tel. +351 217 921 260
Fax. +351 217 921 261

http://www.caixamagica.pt
Email: [hidden email]





_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: cryptoflex e-gate problems (again)

Nils Larsch
Susana Nunes wrote:

> Hi!
>
> I'm testing again a cryptoflex card in linux but I continue to have some
> problems.
>
> I followed the manuals and compiled the latest releases of openct and opensc,
> and I used kernel 2.6.11.
>
> The card I'm using already has a certificate and a pin associated, the purpose
> is only to use it in firefox or other application.

with which software has the card been initialized ?

>
> My questions are: Why do I have to initialize the card? If I do this won't the
> card's certificate be erased?

normally yes (well you can create the pkcs15 structures on card
without deleting it if the pkcs15 files aren't already used, but
that doesn't really help you here as those pkcs15 files created
by opensc wouldn't contain pointers to your cert and key). The
easiest solution might be a pkcs15 emulation (if you have enough
information about your card profile).

Nils
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: cryptoflex e-gate problems (again) [u]

Andreas Jellinghaus-2
In reply to this post by Susana Nunes
On Monday 04 July 2005 16:27, Susana Nunes wrote:
> The card I'm using already has a certificate and a pin associated, the
> purpose is only to use it in firefox or other application.

try a blank card. your card might be initialized in a proprietory way.
opensc initializes cards following the pkcs#15 standard, but most other
software does not.

> My questions are: Why do I have to initialize the card ?

that is like "mkfs" on a raw hard disk: it creates basic structures
that can be filled lates with data, keys, and so on.

opensc initializes the card in the "pkcs15" format. that is a standard
that everyone can implement. opensc also includes emulations for some
other formats, mostly national id cards.

> If I do this won't  
> the card's certificate be erased?
yes like if you create a new filesystem on a hard disk.

but - analog to partitioning - you might be able to create
two different formats on the same card. like you can have a
dos and a linux partition with some cards you can have
two formats. I tried that successfully with cardos and
both opensc and aladdins proprietory format.

but that might not work with cryptoflex.
above all __never__ use -E or --erase-card, because
that erases the whole card (like a "whipe whole disk"
might whipe the whole hard disk, not only the linux
partition).

the disk/partition analogy doesn't fit well.
on smart cards it is more about directories,
files, and the format of he data of that files.

pkcs#15 specifies file "2f00" and a subdirectory
"5015" and certain structures in that subdirectory.
(some cards like cardos have a "ls" command, so you
could see directory "6666" which was used by aladdin
for example. cryptoflex have no "ls" command unfortunatly.)

> Sorry but I'm new at this stuff and getting confused...

it would be so much easier if everyone followed the standard.
but very few other software packages for smart cards do.

Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user