/usr/share/opensc/setcos.profile is in opensc 0.14.0-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | #
# General purpose PKCS15 profile for SetCOS4.4 cards
#
cardinfo {
max-pin-length = 8;
pin-encoding = ascii-numeric;
pin-pad-char = 0x00;
}
# Addtional default settings
option default {
macros {
protected = *=$SOPIN, READ=NONE;
mf_prot = *=NONE, CREATE=$SOPIN; # Allow to delete the MF
p15_prot = *=$SOPIN, SELECT=NONE, FILES=NONE, CREATE=NONE;
pin_prot = *=NEVER, WRITE=$SOPIN, UPDATE=$SOPIN; # WATCH OUT IF YOU CHANGE THESE!!
prkey_prot = *=NEVER, ERASE=$SOPIN, READ=NONE, CRYPTO=$PIN, UPDATE=$SOPIN;
exkey_prot = *=NEVER, ERASE=$SOPIN, READ=$PIN, UPDATE=$SOPIN;
so-pin-flags = initialized, soPin;
}
}
# Addtional onepin option settings
option onepin {
macros {
protected = *=$PIN, READ=NONE;
mf_prot = *=NONE, CREATE=$PIN; # Allow to delete the MF
p15_prot = *=$PIN, SELECT=NONE, FILES=NONE, CREATE=NONE;
pin_prot = *=NEVER, WRITE=$PIN, UPDATE=$PIN; # WATCH OUT IF YOU CHANGE THESE!!
prkey_prot = *=NEVER, ERASE=$PIN, READ=NONE, CRYPTO=$PIN, UPDATE=$PIN; # READ: only applies on public key
exkey_prot = *=NEVER, ERASE=$PIN, READ=$PIN, UPDATE=$PIN;
so-pin-flags = initialized;
}
}
# Define reasonable limits for PINs and PUK
PIN user-pin {
attempts = 3;
flags = initialized, needs-padding;
}
PIN user-puk {
attempts = 5;
}
PIN so-pin {
reference = 1;
flags = $so-pin-flags;
}
# Additional filesystem info.
# This is added to the file system info specified in the
# main profile.
filesystem {
DF MF {
ACL = $mf_prot;
size = 42; # size = 2 + 2*(number of sub-files) -> 20 sub-files
# There's 1 pin/key file
EF pinfile {
file-id = 0080; # Recommended by Setec
structure = 0x22; # ISF key-file, Setcos V4.4 specific
record-length = 28;
size = 112; # 28 * 4 = 112 -> 1 SO + 3 user pins/puks
ACL = $pin_prot;
}
DF PKCS15-AppDF {
ACL = *=$SOPIN, SELECT=NONE, FILES=NONE, CREATE=NONE;
size = 82; # size = 2 + 2*(number of sub-files) -> 40 sub-files
EF PKCS15-PrKDF {
file-id = 4402;
size = 480;
acl = $protected;
}
EF PKCS15-PuKDF {
file-id = 4403;
size = 480;
acl = $protected;
}
EF PKCS15-CDF {
file-id = 4404;
size = 960;
acl = $protected;
}
EF PKCS15-DODF {
file-id = 4405;
size = 480;
acl = $protected;
}
EF template-private-key {
file-id = 5100;
type = internal-ef;
size = 512; # enough for a 1024 bit RSA key
ACL = $prkey_prot;
}
EF template-extractable-key {
file-id = 5300;
type = internal-ef;
size = 512; # enough for a 1024 bit RSA key
ACL = $exkey_prot;
}
EF template-public-key {
file-id = 5200;
acl = $protected;
}
EF template-certificate {
file-id = 5500;
acl = $protected;
}
EF template-data {
file-id = 5000;
structure = transparent;
acl = $protected;
}
}
}
}
|