Hi,
Aventra development wrote:
Here is a small patch that modifies the MyEID profile. This profile
now initializes the cards like we want them (users are of course free
to modify the profile to get cards like they want, but we think this
should be the default).
I suppose the ACL for card initialization (clearing card) is not
desired to be NONE and therefore we undefined the
KEEP_AC_NONE_FOR_INIT_APPLET, and you can anyway set it to anything
you like by configuring the profile.
Your patch does not work for me when applied to trunk.
The reasons are:
- actual implementation of pkcs15init needs to verify 'DELETE' acl of
the PKCS15-AppDF when doing 'create object' operations. So, you have to
set it to 'NONE' or 'User PIN';
- take into account my mail
http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014865.html
illustrated by diff from
http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014867.html
In attachment there is a diff for myeid.profile (relative to trunk) that
actually 'works for me'.
There is a downside with this configuration, pkcs15-init now asks many
times (5 times I think) for the USER PIN when it initializes the MyEID
card and creates the required files (it does not matter what you
enter, because it won’t be verified since the card is in creation state).
I propose you use the '--pin' argument for the 'pkcs15-init' command.
Pkcs15-init creates the SO-PIN, but not the USER PIN. It would be nice
if pkcs15-init would create both PINs, since it is built to support
two PINs (User and SO). Currently we create the user pin after
initialization and finalize the card after that. If somebody knows how
to get rid of the unnecessary user PIN queries please apply fix or
help us do it.
Pkcs15-init creates both PINs with this kind of command:
#pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin
"12345678" --so-puk "123456" --pin "9999" --puk "8888" -F
#pkcs15-tool --list-pins
Using reader with a card: OmniKey CardMan 3121 00 00
PIN [Security Officer PIN]
Object Flags : [0x3], private, modifiable
ID : ff
Flags : [0xB0], initialized, needs-padding, soPin
Length : min_len:4, max_len:8, stored_len:8
Pad char : 0xFF
Reference : 3
Type : ascii-numeric
Path :
PIN [IDX-SCM]
Object Flags : [0x3], private, modifiable
ID : 53434d
Flags : [0x30], initialized, needs-padding
Length : min_len:4, max_len:8, stored_len:8
Pad char : 0xFF
Reference : 1
Type : ascii-numeric
Path :
Please apply this small patch, thanks!
Kind regards,
Toni
Kind wishes,
viktor.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
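The two constraints argued over in this thread (the PKCS15-AppDF DELETE ACL must be NONE or the User PIN because pkcs15-init checks it when creating objects, and a "*=NEVER" default on the directory EFs closes every operation not listed) can be checked mechanically before a profile is installed. The following is an added example, not OpenSC code and not part of the patch: a small Python checker that parses the "acl = ...;" statements of a profile fragment (including statements wrapped over two lines, as the patch does with GENERATE=$PIN) and reports violations. The profile fragment is constructed from the ACL strings in the patch; the "*=NEVER" rule is an assumed, editorial check rather than something pkcs15-init enforces.

```python
import re

# Constructed fragment of a pkcs15init profile, using the ACL strings from
# the myeid.profile patch in this thread. The CDF entry deliberately lacks
# the '*=NEVER' default so the checker has something to report.
SAMPLE_PROFILE = """
DF PKCS15-AppDF {
    type = DF;
    file-id = 5015;
    acl = DELETE=$PIN, CREATE=$PIN;
    EF PKCS15-PrKDF {
        file-id = 4402;
        acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
    }
    EF PKCS15-CDF {
        file-id = 4404;
        acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
    }
    EF template-private-key {
        type = internal-ef;
        file-id = 4B01;
        acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$PIN,
              GENERATE=$PIN;
    }
}
"""

# 'DF PKCS15-AppDF {', 'EF DIR {', 'template key-domain {', 'PIN so-pin {' ...
BLOCK_OPEN = re.compile(r'^(?:(?:DF|EF|PIN|template)\s+)?(\S+)\s*\{$')
ACL_START = re.compile(r'^acl\s*=\s*(.*)$')

# Directory EFs that, in this (assumed) check, must carry an explicit default.
DIRECTORY_EFS = ('PKCS15-PrKDF', 'PKCS15-PuKDF', 'PKCS15-CDF', 'PKCS15-DODF')


def parse_acl(spec):
    """'*=NEVER, READ=NONE, UPDATE=$PIN' -> {'*': 'NEVER', 'READ': 'NONE', ...}"""
    acl = {}
    for item in spec.split(','):
        item = item.strip()
        if not item:
            continue
        op, _, cond = item.partition('=')
        acl[op.strip().upper()] = cond.strip()
    return acl


def parse_profile_acls(text):
    """Return {block_name: {operation: condition}} for every block that has an
    'acl = ...;' statement. Lines are joined until the terminating ';' so an
    ACL wrapped over two lines is read as one statement."""
    acls = {}
    stack = []        # names of the enclosing '{' blocks
    pending = None    # ACL text collected so far, until we see ';'
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        if pending is not None:
            pending += ' ' + line
        else:
            m = BLOCK_OPEN.match(line)
            if m:
                stack.append(m.group(1))
                continue
            if line == '}':
                if stack:
                    stack.pop()
                continue
            m = ACL_START.match(line)
            if not m or not stack:
                continue
            pending = m.group(1)
        if pending.endswith(';'):
            acls[stack[-1]] = parse_acl(pending.rstrip(';'))
            pending = None
    return acls


def effective_condition(acl, op):
    """Condition governing `op`: its own entry, else the '*' default, else None
    (the profile then leaves the operation to the card driver's default)."""
    return acl.get(op, acl.get('*'))


def check_profile(text):
    """Return a list of findings (empty means clean). Rule 1 is the constraint
    from the thread: pkcs15-init verifies the DELETE ACL of PKCS15-AppDF when
    creating objects, so it must be NONE or $PIN. Rule 2 is the assumed
    default-deny check on the directory EFs."""
    acls = parse_profile_acls(text)
    findings = []
    appdf = acls.get('PKCS15-AppDF')
    if appdf is None:
        findings.append('PKCS15-AppDF declares no acl')
    elif effective_condition(appdf, 'DELETE') not in ('NONE', '$PIN'):
        findings.append('PKCS15-AppDF DELETE=%s: pkcs15-init needs NONE or $PIN'
                        % effective_condition(appdf, 'DELETE'))
    for name in DIRECTORY_EFS:
        acl = acls.get(name)
        if acl is not None and acl.get('*') != 'NEVER':
            findings.append('%s has no *=NEVER default' % name)
    return findings


if __name__ == '__main__':
    for finding in check_profile(SAMPLE_PROFILE):
        print(finding)
```

Run against a real profile by passing its text to check_profile(); the parser only understands the "name {", "}" and "acl = ...;" lines it needs, and ignores everything else.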
Index: src/pkcs15init/myeid.profile
===================================================================
--- src/pkcs15init/myeid.profile (révision 4767)
+++ src/pkcs15init/myeid.profile (copie de travail)
@@ -53,8 +53,8 @@
PIN user-puk {
min-length = 4;
max-length = 8;
- attempts = 10;
- flags = needs-padding;
+ attempts = 10;
+ flags = needs-padding;
}
PIN so-pin {
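Review bot: the four changed lines in the PIN user-puk block (`- attempts = 10;` / `+ attempts = 10;` and the same for `flags = needs-padding;`) differ only in whitespace; drop them from the patch so the diff contains only the ACL changes the message actually discusses.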
@@ -80,7 +80,7 @@
DF MF {
path = 3F00;
type = DF;
- acl = CREATE=$SOPIN,DELETE=NONE;
+ acl = CREATE=$PIN, DELETE=$SOPIN;
# This is the DIR file
EF DIR {
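Review bot: the MF ACL moves in two directions at once in `- acl = CREATE=$SOPIN,DELETE=NONE;` / `+ acl = CREATE=$PIN, DELETE=$SOPIN;`: DELETE is tightened from unauthenticated to the SO PIN, which the message explains, but CREATE is relaxed from the SO PIN to the User PIN, which it does not. Add a profile comment stating why the User PIN should be enough to create files directly under the MF, or keep CREATE=$SOPIN and change only DELETE.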
@@ -92,13 +92,13 @@
DF PKCS15-AppDF {
type = DF;
file-id = 5015;
- acl = DELETE=NONE, CREATE=$SOPIN;
+ acl = DELETE=$PIN, CREATE=$PIN;
EF PKCS15-ODF {
file-id = 5031;
structure = transparent;
size = $odf-size;
- acl = READ=NONE, UPDATE=$SOPIN, DELETE=$SOPIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-TokenInfo {
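Review bot: `+ acl = DELETE=$PIN, CREATE=$PIN;` on PKCS15-AppDF meets the constraint from the reply (pkcs15-init verifies the DF's DELETE ACL when creating objects, so it must be NONE or the User PIN), but the ODF directly below now reads `UPDATE=$PIN, DELETE=$SOPIN`, so the User PIN may delete the application DF yet not the ODF inside it, and ODF UPDATE is relaxed from $SOPIN to $PIN without explanation. Add a comment describing the intended split of rights between the User PIN and the SO PIN so the two lines can be checked against it.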
@@ -125,67 +125,67 @@
file-id = 4402;
structure = transparent;
size = $prkdf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-PuKDF {
file-id = 4403;
structure = transparent;
size = $pukdf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-CDF {
file-id = 4404;
structure = transparent;
size = $cdf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF PKCS15-DODF {
file-id = 4405;
structure = transparent;
size = $dodf-size;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = *=NEVER, READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
}
EF template-private-key {
type = internal-ef;
file-id = 4B01;
- acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = CRYPTO=$PIN, UPDATE=$PIN, DELETE=$PIN,
GENERATE=$PIN;
}
EF template-public-key {
structure = transparent;
file-id = 5501;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN,
GENERATE=$PIN;
}
EF template-certificate {
file-id = 4301;
structure = transparent;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
template key-domain {
# This is a dummy entry - pkcs15-init insists that
# this is present
EF private-key {
- file-id = 4B00;
+ file-id = 4B01;
type = internal-ef;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN,
GENERATE=$PIN;
}
EF public-key {
- file-id = 5500;
+ file-id = 5501;
structure = transparent;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN,
GENERATE=$PIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN,
GENERATE=$PIN;
}
# Certificate template
EF certificate {
- file-id = 4300;
+ file-id = 4301;
structure = transparent;
- acl = READ=NONE, UPDATE=$PIN, DELETE=$SOPIN;
+ acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;
}
}
}
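Review bot: the key-domain template's file-ids are renumbered to the values already used by the standalone templates in the same hunk (`+ file-id = 4B01;`, `+ file-id = 5501;`, `+ file-id = 4301;` match template-private-key, template-public-key and template-certificate), and neither the message nor the 'This is a dummy entry' comment says why; explain the renumbering in the commit message or the profile comment. Separately, `*=NEVER` is added only to the four directory EFs (PrKDF, PuKDF, CDF, DODF); if an explicit default-deny is the intent, the template EFs in this hunk, whose DELETE is also relaxed from $SOPIN to $PIN, are left without one.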