I'm playing with smartcards and I'm wondering if it is possible to define a pkcs15 structure from scratch. The syntax of https://github.com/OpenSC/OpenSC/blob/master/src/pkcs15init/pkcs15.profile is undocumented, but I think I might achieve what I want by editing it. Do you have any clues what to start with? Also, a side question: is it possible to read/write arbitrary files with OpenSC?

Use case

Let's assume that we want to initialize a card with one pregenerated private and public key, where the user will only be allowed to sign when authorized by PIN.

majkrzak
  • There seem to be two steps in OpenSC: the formatting of the card and the personalization step of the card. However, you can maybe combine the first part of personalization with the formatting of the card; usually you are allowed to authenticate twice. Just a general hint on how I *guess* that OpenSC operates. – Maarten Bodewes Oct 22 '19 at 17:09
  • I love the man page of https://linux.die.net/man/5/pkcs15-profile :D – majkrzak Oct 22 '19 at 17:16
  • Yes, that seems to be the smart card world I know as well. At least they tried to document the profile itself. Makes more sense too, as they can adopt the documentation if the profile structure changes. However, it doesn't seem to cover all the options and limits and such. – Maarten Bodewes Oct 22 '19 at 17:19

1 Answer

Yes, of course it is possible to define a PKCS#15 structure from scratch. The rules for the structure are specified in the PKCS#15 standard. I think that if you get to know the standards, the options in pkcs15.profile are relatively easy to understand. Otherwise I would just start playing around with it.

OpenSC is probably not geared to writing arbitrary files, but as you can see it does allow you to set the File ID etc. per file. So it seems obvious that some kind of functionality exists, and otherwise it is easy to find it in the source code.

Maarten Bodewes
  • This answer comes from an understanding of PKCS#15 rather than OpenSC, and I would upvote any answer with more precise OpenSC-geared information. – Maarten Bodewes Oct 22 '19 at 17:05
  • There is some inconsistency between pkcs15 and the OpenSC file format. Also it seems that I've bricked one token :D – majkrzak Oct 22 '19 at 17:06
  • That sounds very much like the smart card world that I know, yes :) Leave the question open for a while, see if there are any OpenSC experts out there... – Maarten Bodewes Oct 22 '19 at 17:07
  • https://github.com/OpenSC/OpenSC/issues/1833 I've asked the OpenSC authors to document profile files. They are probably going to ban me again :D Anyway, I'm thinking about whether it is wise to try to handle it directly with low-level pkcs15 structures. A similar approach was finally the best when I was working with TPMs. – majkrzak Oct 23 '19 at 08:50