From: Ondrej M. <ond...@ni...> - 2013-03-28 13:32:10
On 03/28/2013 09:19 AM, Florent Deybach wrote:
> As you can see, the object is present:
>
> root@ubuntu12-10:~# pkcs15-tool --dump
> Using reader with a card: Feitian ePass2003 00 00
> [...]
> Data object 'cleTruecrypt'
> applicationName: cleTruecrypt
> Path: 3f0050153400
> Auth ID: 01

My guess would be that the default ACLs prevent deleting the file. If you look at /usr/share/opensc/epass2003.profile, there is the following part describing ACLs for 3f00/5015/34xx files:

    # data objects are stored in transparent EFs.
    EF privdata {
        file-id = 3400;
        structure = transparent;
        ACL = *=NEVER,READ=$PIN,UPDATE=$PIN;
    }

That means the ACL for delete is NEVER, i.e. even PIN authorization won't suffice for deletion of this file. It would be consistent with the log you posted - the authenticate APDU instruction goes through OK, but erasing in the last APDU fails with SW 0x69 0x82 "security status not satisfied".

AFAIK you won't be able to delete the file without erasing the card (pkcs15-init -E) or erasing the parent DF 5015.

Note that the ACLs from the profile are applied at the moment a file is created on token (like key or data object).

Ondrej
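As an added illustration (not code from this thread or from OpenSC), the Python below evaluates profile-style ACL strings like the one quoted above and shows why a DELETE after PIN verification still ends in SW 6982 while UPDATE succeeds. It assumes the OpenSC rule that entries apply left to right with `*` covering every operation, treats unmentioned operations as NEVER, and uses a constructed `RELAXED_ACL` purely for comparison.

```python
"""Evaluate OpenSC-profile-style ACL strings (added example, not OpenSC's own code)."""

# File operations a profile ACL may name (a subset, using the profile's own operation names).
OPERATIONS = ("READ", "UPDATE", "DELETE", "CREATE", "REHABILITATE", "INVALIDATE")

# The ACL quoted above from epass2003.profile for EF privdata (file-id 3400).
EPASS_PRIVDATA_ACL = "ACL = *=NEVER,READ=$PIN,UPDATE=$PIN;"

# Constructed variant for comparison only: the same ACL with DELETE allowed after PIN verification.
RELAXED_ACL = "ACL = *=NEVER,READ=$PIN,UPDATE=$PIN,DELETE=$PIN;"


def parse_acl(acl_line: str) -> dict:
    """Map each operation to 'NEVER', 'NONE' (no auth needed) or an auth reference like '$PIN'.

    Entries apply left to right: '*' sets every operation, a named entry overrides what
    came before it. Operations never mentioned default to NEVER (an assumption here)."""
    value = acl_line.split("=", 1)[1] if acl_line.strip().upper().startswith("ACL") else acl_line
    acl = {op: "NEVER" for op in OPERATIONS}
    for entry in value.strip().rstrip(";").split(","):
        op, _, cond = entry.strip().partition("=")
        op, cond = op.upper(), cond.strip()
        if op == "*":
            acl = {name: cond for name in OPERATIONS}
        elif op in acl:
            acl[op] = cond
        elif op:
            raise ValueError(f"unknown file operation in ACL: {op}")
    return acl


def is_permitted(acl: dict, operation: str, satisfied: frozenset = frozenset()) -> bool:
    """True if `operation` is allowed given the auth references already verified, e.g. {'$PIN'}."""
    cond = acl[operation.upper()]
    if cond == "NEVER":
        return False
    if cond == "NONE":
        return True
    return cond in satisfied


def expected_status_word(acl: dict, operation: str, satisfied: frozenset = frozenset()) -> str:
    """Status word to expect from the card: 9000 on success, 6982 'security status not satisfied'."""
    return "9000" if is_permitted(acl, operation, satisfied) else "6982"


if __name__ == "__main__":
    pin_ok = frozenset({"$PIN"})
    shipped = parse_acl(EPASS_PRIVDATA_ACL)
    for op in ("READ", "UPDATE", "DELETE"):
        print(f"{op:<7} after PIN verify, shipped ACL -> SW {expected_status_word(shipped, op, pin_ok)}")
    print(f"DELETE  after PIN verify, relaxed ACL -> SW {expected_status_word(parse_acl(RELAXED_ACL), 'DELETE', pin_ok)}")
```

Because the profile ACL is baked into a file when it is created, the relaxed variant would only affect objects created after the profile change, not the existing 3400 file.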