
Member "opensc-0.22.0/src/pkcs15init/cyberflex.profile" (10 Aug 2021, 2919 Bytes) of package /linux/privat/opensc-0.22.0.tar.gz:



    1 #
    2 # General purpose PKCS15 profile for Cyberflex Access 16K cards
    3 #
    4 cardinfo {
          # Card-wide PIN format. PINs are ASCII digits only and at most
          # 8 long, i.e. on the order of 10^8 possible values, so the
          # retry limits in the PIN sections are what bound guessing.
    5     max-pin-length	= 8;
    6     pin-encoding	= ascii-numeric;
          # Pad byte for PINs shorter than the maximum -- presumably
          # padded up to max-pin-length; confirm against the card driver.
    7     pin-pad-char	= 0x00;
          # Presumably enables the per-PIN "pin-domain" directory template
          # defined in the filesystem section -- confirm.
    8     pin-domains		= yes;
    9 }
   10 
   11 # Define reasonable limits for PINs and PUK
   12 # The user pin must always be CHV1; otherwise crypto operations
   13 # will not work, because they are protected by CHV1.
   14 PIN user-pin {
          # Retry counter: number of consecutive wrong presentations
          # allowed. Presumably the PIN is blocked afterwards until it is
          # reset with the PUK -- confirm against the card driver.
   15     attempts	= 3;
   16 }
   17 PIN user-puk {
          # Retry counter for the unblocking code. It allows more guesses
          # than the user PIN (10 vs. 3), so the PUK should be at least as
          # hard to guess as the PIN (use the full permitted length).
   18     attempts	= 10;
   19 }
   20 
   21 # Additional filesystem info.
   22 # This is added to the file system info specified in the
   23 # main profile.
   24 filesystem {
   25     # Define default ACLs and file ids for CHV1/CHV2
          # Every operation on a PIN file is denied (*=NEVER) except
          # UPDATE, which requires that same CHV to be presented first.
   26     EF CHV1 {
   27     	file-id	= 0000;
   28 	ACL	= *=NEVER, UPDATE=CHV1;
   29     }
   30     EF CHV2 {
   31     	file-id	= 0100;
   32 	ACL	= *=NEVER, UPDATE=CHV2;
   33     }
   34 
   35     DF MF {
      	# Every operation on the MF requires AUT0 -- presumably external
      	# authentication with the card's administrative/transport key
      	# (confirm). If that key is still a factory default, it should
      	# be replaced before cards are issued.
   36 	ACL	= *=AUT0;
   37 
   38 	# The DELETE=NONE ACLs will go away once the code
   39 	# works. They are here to make sure I can erase the card
   40 	# even if I mess up big time.
      	#
      	# NOTE(review): NONE means no authentication is required, so
      	# while these ACLs remain, the delete operations they govern
      	# on the application DF and the per-PIN directories need no
      	# PIN at all: anyone who can talk to the card can destroy its
      	# contents. For cards that leave the lab, consider restricting
      	# DELETE (e.g. to $SOPIN) -- verify the card driver supports it.
      	# FILES=NONE likewise leaves file listing unauthenticated.
   41 	#
   42 	# If you have a 16K card and wish to store
   43 	# two cert/key pairs:
   44 	# note that if you want the two keys to be protected by the
   45 	# same pin, you need to increase the size of the pin-dir.
   46 	DF PKCS15-AppDF {
   47 	    ACL		= *=$SOPIN, FILES=NONE, DELETE=NONE;
   48 	    # Cyberflex Access 16K
   49 	    size	= 7500;
   50 
   51 	    # This "pin-domain" DF is a template that is
   52 	    # instantiated for each PIN created on the card.
   53 	    #
   54 	    # When instantiating the template, each file id will be
   55 	    # combined with the last octet of the object's pkcs15 id
   56 	    # to form a unique file ID. That is, PIN 01 will reside
   57 	    # in 4b01, PIN 02 will reside in 4b02, etc.
   58     	    template pin-domain {
   59 		DF pin-dir {
   60 		    ACL		= *=$SOPIN, FILES=NONE, DELETE=NONE;
   61 		    file-id	= 4B00;
   62 
   63 		    # The minimum size for a 2048 bit key is 1396
      		    # 2800 = 2 x 1400, i.e. apparently room for two
      		    # key-directory instances (size 1400 each) -- confirm.
   64 		    size	= 2800;
   65 		}
   66 	    }
   67 
   68 	    # For PIN-protected files, instantiate this template
   69 	    # below the pin directory.
   70 	    # For unprotected objects, install within the application DF.
   71 	    #
   72 	    # When instantiating the template, each file id will be
   73 	    # combined with the last octet of the object's pkcs15 id
   74 	    # to form a unique file ID.
      	    #
      	    # $PIN in the ACLs below is a symbolic reference --
      	    # presumably resolved to the PIN that owns the object when
      	    # the template is instantiated (confirm).
   75 	    template key-domain {
   76 		# In order to support more than one key per PIN,
   77 		# each key must be within its own subdirectory.
   78 	    	DF key-directory {
   79 		    ACL	= *=$PIN, FILES=NONE;
   80 		    file-id	= 3000;
   81 		    size	= 1400;
   82 
      		    # On-card private key. There is no READ rule, so
      		    # reading falls under *=NEVER: after PIN verification
      		    # the key can be used (CRYPTO) or replaced (UPDATE),
      		    # but this ACL gives no way to read it back.
   83 	            EF private-key {
   84 		        file-id	= 0012;
   85 		        ACL		= *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
   86 		    }
      		    # Public half: readable without authentication,
      		    # everything else requires the PIN.
   87 		    EF internal-pubkey-file {
   88 		        file-id	= 1012;
   89 		        ACL		= *=$PIN, READ=NONE;
   90 		    }
   91 		}
      		# Unlike private-key above, this file can be read back
      		# once the PIN is verified: key material stored here is
      		# protected only by the PIN, not by a no-read ACL.
   92 		EF extractable-key {
   93     	            file-id	= 4300;
   94     	            ACL		= *=NEVER, READ=$PIN, UPDATE=$PIN;
   95 		}
      		# Public objects (public-key, certificate, data): anyone
      		# can read them, any other operation requires the PIN.
   96 		EF public-key {
   97 		    file-id	= 4400;
   98 		    ACL		= *=$PIN, READ=NONE;
   99 		}
  100 		EF certificate {
  101 		    file-id	= 4500;
  102 		    ACL		= *=$PIN, READ=NONE;
  103 		}
  104 		EF data {
  105 		    file-id	= 4600;
  106 		    ACL		= *=$PIN, READ=NONE;
  107 		}
      		# Private data: every operation, including READ,
      		# requires the PIN.
  108 		EF privdata {
  109 		    file-id	= 4700;
  110 		    ACL		= *=$PIN;
  111 		}
  112 	    }
  113 	}
  114     }
  115 }