[opensc-user] 5 auth-ids and 5 certs on iKey 3000

Jan Schermer
I've just obtained a cacert.org class1 certificate and wanted to import
it to my iKey3K, auth-id was created fine but I was not able to import
the certificate because of (sorry I closed the terminal) "Too small card
file size" (or card size, not sure)

I played with oberthur profile and tweaked it:

        odf-size        = 512;
        aodf-size       = 512;
        cdf-size        = 2048;
        prkdf-size      = 1024;
        pukdf-size      = 1024;
        dodf-size       = 512;

and now everything works...

what may be the side effects of this? Why is it not the default? Is
there some more "correct" way to import 5 certificates to one card?

Thanks

Jan

P.S. sorry for crossposting but opensc-user, though more appropriate, is
a little too young for me :)

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-user

Re: 5 auth-ids and 5 certs on iKey 3000 [u]

Andreas Jellinghaus-2
Hi Jan,

of course a perfect app would look at all the things to
store and then create each file exactly large enough so it
fits that situation.

but opensc can't do that. we can only use profiles with
fixed sizes to store certificates and keys.

I'm fine with your changes, maybe we can even change the
default profile for them?

but you realise, those files use 5kb. so on a 8kb
card that won't work at all. and on 16kb card,
that would eat too much memory, too.

I think we should start a wiki page on profiles and what
you can change in them, list your results as well as other
tips so people can build profiles that suit their needs.

> what may be the side effects of this? Why is it not the default? Is
> there some more "correct" way to import 5 certificates to one card?

beside 8k and 16k cards, other people might use bigger cards, but might
want to use some memory for other applications, and then again they
won't like how much memory is already spent.

too bad smart card operating systems require to specify file sizes
when a file is created. you can't simply let it grow like with real
operating systems.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
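
An added example, not part of the thread or of OpenSC: a small Python check that parses the size settings Jan posted and totals the space they reserve against the card capacities mentioned in the discussion. The function names are made up here, and treating the nominal capacity as fully available is an assumption, so the "left" figure is an upper bound on what remains for keys and certificates.

```python
import re

# Profile fragment as posted in the thread: sizes of the six PKCS#15 directory files.
PROFILE = """
        odf-size        = 512;
        aodf-size       = 512;
        cdf-size        = 2048;
        prkdf-size      = 1024;
        pukdf-size      = 1024;
        dodf-size       = 512;
"""

# Matches lines of the form `<name>-size = <decimal or 0x hex>;`
SIZE_RE = re.compile(r"^\s*([A-Za-z0-9_-]+-size)\s*=\s*(0[xX][0-9a-fA-F]+|\d+)\s*;")


def parse_sizes(text):
    """Return {setting-name: bytes} for every `<name>-size = N;` line."""
    sizes = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop `#` comments before matching
        m = SIZE_RE.match(line)
        if m:
            value = m.group(2)
            base = 16 if value.lower().startswith("0x") else 10
            sizes[m.group(1)] = int(value, base)
    return sizes


def budget(sizes, card_bytes):
    """Bytes reserved by the directory files, bytes left, and share of the card."""
    reserved = sum(sizes.values())
    return {
        "reserved": reserved,
        "left": card_bytes - reserved,  # upper bound: assumes nominal capacity is all usable
        "share": reserved / card_bytes,
    }


if __name__ == "__main__":
    sizes = parse_sizes(PROFILE)
    for kib in (8, 16, 32):  # card sizes named in the thread
        b = budget(sizes, kib * 1024)
        print(f"{kib:2d} KiB card: {b['reserved']} bytes reserved "
              f"({b['share']:.0%}), at most {b['left']} bytes left")
```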

Re: 5 auth-ids and 5 certs on iKey 3000 [u]

Jan Schermer

> I'm fine with your changes, maybe we can even change the
> default profile for them?
>
> but you realise, those files use 5kb. so on a 8kb
> card that won't work at all. and on 16kb card,
> that would eat too much memory, too.

iKey3K is supposed to have 32KiB of memory, but I'm probably hitting the memory limit already

> I think we should start a wiki page on profiles and what
> you can change in them, list your results as well as other
> tips so people can build profiles that suit their needs.

that would be cool, though I doubt many people store that much information on a single card, if there is no downside maybe the profiles should be tweaked a bit

>> what may be the side effects of this? Why is it not the default? Is
>> there some more "correct" way to import 5 certificates to one card?
>
> beside 8k and 16k cards, other people might use bigger cards, but might
> want to use some memory for other applications, and then again they
> won't like how much memory is already spent.
>
> too bad smart card operating systems require to specify file sizes
> when a file is created. you can't simply let it grow like with real
> operating systems.

anybody porting linux to that? :))

Jan

Re: 5 auth-ids and 5 certs on iKey 3000 [u]

Nils Larsch
Jan Schermer wrote:
...
> iKey3K is supposed to have 32KiB of memory, but I'm probably hitting the
> memory limit already

but an iKey3k is _not_ supposed to be initialized with oberthur profile

>> I think we should start a wiki page on profiles and what
>> you can change in them, list your results as well as other
>> tips so people can build profiles that suit their needs.
>
> that would be cool, though I doubt many people store that much
> information on a single card, if there is no downside maybe the profiles
> should be tweaked a bit
>
>>> what may be the side effects of this? Why is it not the default? Is
>>> there some more "correct" way to import 5 certificates to one card?
>>
>> beside 8k and 16k cards, other people might use bigger cards, but might
>> want to use some memory for other applications, and then again they
>> won't like how much memory is already spent.
>>
>> too bad smart card operating systems require to specify file sizes
>> when a file is created. you can't simply let it grow like with real
>> operating systems.
>
> anybody porting linux to that? :))

better not, that would ruin the security of these smartcards

Nils