Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-22 Thread NdK
On 22/02/2011 15:41, Toni Sjoblom - Aventra wrote: > Sorry, the public key size for the 2K was missing from that value. That > explains the 320 bytes difference. > Public key file for a 2K bit key is 270 bytes. Also, some space is occupied > when new files are added as well. Ok. So 32 2048bit key

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-22 Thread Toni Sjoblom - Aventra
Hi, > -Original Message- > From: opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel- > > On 22/02/2011 13:56, Toni Sjoblom - Aventra wrote: > > > The private key files sizes are shown in bits not bytes. A 1K private key > > uses approx. 960 bytes and 2K respectively appro

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-22 Thread NdK
On 22/02/2011 13:56, Toni Sjoblom - Aventra wrote: > The private key files sizes are shown in bits not bytes. A 1K private key > uses approx. 960 bytes and 2K respectively approx. 1296 bytes. This consists > of both the private and public parts. This matches my experimental numbers better :) 28548

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-22 Thread Toni Sjoblom - Aventra
Hi, > -Original Message- > From: NdK [mailto:ndk.cla...@gmail.com] > > On 15/02/2011 11:17, Toni Sjoblom - Aventra wrote: > > > Current MyEID cards are 80K, but some of this space is used by the MyEID > > applet itself. > > > > The file size you see in the 3F00 file is the remaining

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-16 Thread NdK
On 16/02/2011 21:59, Martin Paljak wrote: >>> I would not dare to suggest turning <1024 key support off (which is the >>> recommendation by several organizations) but giving a nice fat warning to >>> the user when creating keys (not importing!) below 1024 (or 1024 keys when >>> the card claims s

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-16 Thread Martin Paljak
On Feb 16, 2011, at 10:31 PM, NdK wrote: > On 16/02/2011 21:13, Martin Paljak wrote: > >>> The same can be done for 768bit key, and, I suppose, for all key sizes from >>> 512 to 2048 with the 64 bit step. >> The only question is: are you sure you want to do this? Small RSA keys are >> often u

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-16 Thread NdK
On 16/02/2011 21:13, Martin Paljak wrote: >> The same can be done for 768bit key, and, I suppose, for all key sizes from >> 512 to 2048 with the 64 bit step. > The only question is: are you sure you want to do this? Small RSA keys are > often used in low profile hardware, where the smaller calc

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-16 Thread Martin Paljak
On Feb 16, 2011, at 10:49 AM, Viktor TARASOV wrote: > On 15.02.2011 19:50, NdK wrote: >> On 15/02/2011 19:47, Viktor TARASOV wrote: >>> Sorry, this card can generate key >>> 512bit . >>> For that the corresponding algorithm should be

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-16 Thread Martin Paljak
Hello, On Feb 15, 2011, at 5:26 PM, Jean-Michel Pouré - GOOZE wrote: > On Monday 14 February 2011 at 17:52 +0100, Andreas Jellinghaus wrote: >> fine tuning for each different card and driver: I don't think anyone >> has the time and manpower for that. Tuning each and every card driver is of cours

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-16 Thread Viktor TARASOV
On 15.02.2011 19:50, NdK wrote: > On 15/02/2011 19:47, Viktor TARASOV wrote: >> Sorry, this card can generate key >> 512bit . >> For that the corresponding algorithm should be added to the list of the >> card's algorithms. >> >> --- sr

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread NdK
On 15/02/2011 11:17, Toni Sjoblom - Aventra wrote: > Current MyEID cards are 80K, but some of this space is used by the MyEID > applet itself. > > The file size you see in the 3F00 file is the remaining free space, but due > to a limitation of java cards in general, as Martin mentioned, 32k

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread NdK
On 15/02/2011 19:47, Viktor TARASOV wrote: > Sorry, this card can generate key 512bit . > For that the corresponding algorithm should be added to the list of the > card's algorithms. > > --- src/libopensc/card-myeid.c (révision 5194) > +++ src/libopensc/card-myeid.c (copie de travail) > @@ -100

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread Viktor TARASOV
On 15.02.2011 18:56, NdK wrote: > On 15/02/2011 16:47, Viktor TARASOV wrote: > >>> Ok. So, 'limiting' to 32 keys (due to said limit in pkcs15-tool), I >>> could have: >>> cdf_size = 8640 # 3 * 32 * 90 (an average of 3 keys in every cert) >> You mean 3 certs for each key? >> I think that it's di

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread NdK
On 15/02/2011 16:47, Viktor TARASOV wrote: >> Ok. So, 'limiting' to 32 keys (due to said limit in pkcs15-tool), I >> could have: >>cdf_size = 8640 # 3 * 32 * 90 (an average of 3 keys in every cert) > You mean 3 certs for each key? > I think that it's difficult to generalize this relation, the

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread Viktor TARASOV
On 15.02.2011 12:40, NdK wrote: > On 15/02/2011 11:17, Toni Sjoblom - Aventra wrote: >> Hi, > Woa. *That's* customer support! > >> Current MyEID cards are 80K, but some of this space is used by the MyEID >> applet itself. > Ok. I'm starting to understand. > >> The file size you see in the 3F00

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread Jean-Michel Pouré - GOOZE
On Monday 14 February 2011 at 17:52 +0100, Andreas Jellinghaus wrote: > fine tuning for each different card and driver: I don't think anyone > has the time and manpower for that. The Feitian PKI has the same features. It is possible to set free space in profile using prkdf-size and pukdf-size. U

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread NdK
On 15/02/2011 11:17, Toni Sjoblom - Aventra wrote: > Hi, Woa. *That's* customer support! > Current MyEID cards are 80K, but some of this space is used by the MyEID > applet itself. Ok. I'm starting to understand. > The file size you see in the 3F00 file is the remaining free space, but due >

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-15 Thread Toni Sjoblom - Aventra
[opensc-devel] Multiple certs on a MyEID card? > > Hello, > > On Feb 14, 2011, at 11:08 PM, NdK wrote: > > > On 14/02/2011 17:52, Andreas Jellinghaus wrote: > > > >> I have no clue about myeid, but some other cards are only 32k for example. > >>

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-14 Thread Martin Paljak
Hello, On Feb 14, 2011, at 11:08 PM, NdK wrote: > On 14/02/2011 17:52, Andreas Jellinghaus wrote: > >> I have no clue about myeid, but some other cards are only 32k for example. >> reserving 8192 would be 25% and that is only one directory file... > Well, javacards have a limit of 32k of data, I

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-14 Thread NdK
On 14/02/2011 17:52, Andreas Jellinghaus wrote: > I have no clue about myeid, but some other cards are only 32k for example. > reserving 8192 would be 25% and that is only one directory file... Well, javacards have a limit of 32k of data, IIUC, so it's more or less the maximum for single-app java

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-14 Thread Andreas Jellinghaus
On Sunday 13 February 2011, at 21:39:17, NdK wrote: > What's the downside of setting it to bigger size? Maybe even 8192 or so? > Can I override default profiles on a per-user basis in a simple way? I > already tried copying myeid.profile and using -p, but I had to use > ../../../../path/to/current

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-14 Thread NdK
On 14/02/2011 07:15, Martin Paljak wrote: $ pkcs15-init -S startssl.p12 -f PKCS12 -i 45 -a 2 -l "StartSSL auth" Using reader with a card: Gemalto GemPC Twin 00 00 error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure >>> Is this error normal? Does it happen with OpenSS

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-13 Thread Martin Paljak
Hello, On Feb 14, 2011, at 12:47 AM, NdK wrote: > On 13/02/2011 21:18, Martin Paljak wrote: >>> $ pkcs15-init -S startssl.p12 -f PKCS12 -i 45 -a 2 -l "StartSSL auth" >>> Using reader with a card: Gemalto GemPC Twin 00 00 >>> error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure >> Is this

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-13 Thread NdK
On 13/02/2011 21:18, Martin Paljak wrote: >> $ pkcs15-init -S startssl.p12 -f PKCS12 -i 45 -a 2 -l "StartSSL auth" >> Using reader with a card: Gemalto GemPC Twin 00 00 >> error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure > Is this error normal? Does it happen with OpenSSL command lin

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-13 Thread NdK
On 13/02/2011 14:38, Andreas Jellinghaus wrote: > yes, smart cards are quite old technology, files can't grow on demand :( I knew that. > sorry, I know no way to calculate such file sizes. all you can do is try and > error. Yup. Hard to predict correct size, since certs can be of different size.

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-13 Thread Martin Paljak
Hello, On Feb 13, 2011, at 2:59 PM, NdK wrote: > > $ pkcs15-init -S startssl.p12 -f PKCS12 -i 45 -a 2 -l "StartSSL auth" > Using reader with a card: Gemalto GemPC Twin 00 00 > error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure Is this error normal? Does it happen with OpenSSL command l

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-13 Thread Andreas Jellinghaus
I have no clue about myeid cards. but in general you need to edit the profile to set the size of the *DF files ("directory" files, i.e. files with the list and attributes of all certs / keys / whatever). If some file is too small, all you can do is erase the whole card and create a new pkcs#15 struct

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-13 Thread NdK
On 13/02/2011 11:07, Tomas Gustavsson wrote: > Did you try to specify the -i parameter when importing certificates? > pkcs15-init --store-certificate cert.pem -v -i 45 > where i is the key_id? > > I didn't try with multiple certs actually, but that's how I imported > certificates assigning them to

Re: [opensc-devel] Multiple certs on a MyEID card?

2011-02-13 Thread Tomas Gustavsson
Did you try to specify the -i parameter when importing certificates? pkcs15-init --store-certificate cert.pem -v -i 45 where i is the key_id? I didn't try with multiple certs actually, but that's how I imported certificates assigning them to a key. See http://blog.ejbca.org/2010/03/using-pure-o

[opensc-devel] Multiple certs on a MyEID card?

2011-02-11 Thread NdK
Hi all. I'm using a MyEID card (got a pack of 5 to test) on a GemPlus USB-SW reader. OpenSC is 0.12, from Mandriva Cooker (2011alpha) packages. If I init the card and load a single certificate (actually the one I use to authenticate on StartSSL.com) it's OK. I can even generate a 2048 bit key pa