From: Markus K. <ko...@rr...> - 2013-05-10 12:19:17
Hi,

I'm evaluating Feitian cards and I have the following problem: when writing the cards with OpenSC, the (signed) Feitian Windows driver does not find the private key of the x509 certificate and therefore can't use the certificate (certmgr.msc shows the certificate in the 'other persons -> certificates' tab). Using the card with e.g. Mozilla Firefox with opensc-pkcs11 works fine though.

When creating the certificate using a key generated on the card, a card written with OpenSC works fine too, but we need the possibility to write pkcs12 to the card and use them on Windows. When writing the pkcs12 to the card with the Entersafe PKI Manager, the cards work fine on Windows too.

I noticed the Entersafe PKI Manager has some kind of directory view, which shows the private/public/x509 in the same "directory" in case the card is written with Entersafe PKI Manager, or the key is generated on the card and the certificate is written with OpenSC. I was unable to figure out how to force a specific 'directory' for the data I need to write. I tried pkcs11-tool to write something, same problem: the private key ends up in a different "directory" and the (Windows) application (using the Feitian CSP) does not work.

I'm using

opensc 0.12.2 [gcc 4.6.3]
Enabled features: zlib readline openssl pcsc(libpcsclite.so.1)

on Ubuntu 12.04 x86_64.

Attached are some screenshots of the Entersafe PKI Manager and pkcs15-tool dumps of the cards:

entersafe_pki_manager-pkcs12-import - works
opensc_pkcs15-tool_key_on_card - works
opensc_pkcs15-tool_pkcs12-import - fails

I've been working with different usage types already; nothing really matters, it works once the key is in the same directory.

How can I enforce the private key to be in the same "directory" as the certificate when writing a pkcs12?

Kind regards,
Markus Kötter