[Opensc-devel] Cryptoflex 32K profile for ≥3 keys+certificates

[Gary G. <ga...@ga...>]

Using OpenSC on Ubuntu 13.04 version 0.12.2-2ubuntu2 with Cryptoflex 32K 
v4 card.

Attempting to store several key pairs and certificates. Not having any 
success. Routinely end up with "Failed to store private key: File too 
small" and "Failed to store private key: Not enough memory on card".

Card initialized using pkcs15-init -T --create-pkcs15 using only 
--so-pin, --so-puk, and --label arguments (as well as variations on this 
calling out an alternate profile).
One auth-id declared with pkcs15-init -T --store-pin.
Attempt several  pkcs15-init --store-private-key operations. Run out of 
memory after two. PKCS11 files crafted to have only key+certificate (no 
CA certificates). Have tried the same with more than one declared auth-id.

A few questions:

There is no (obvious) specific profile for this card. I assume that 
/usr/share/opensc/pkcs15.profile is used. Is this correct?

I have tried to copy and alter /usr/share/opensc/pkcs15.profile and 
specify the altered profile as a -p argument to pkcs15-init 
--create-pkcs15. Is this the correct method?

Which profile configuration item adjustments are pertinent to allow for 
more than two key pairs and associated certificate to be loaded? I have 
tried this with CA certificates included or excluded. Ideally, I'd like 
to load the key pair plus certificate plus CA certificates using PKCS11 
bundles in typical export form. In my case, more than two.

I'm having a rather difficult time understanding how to lay out the 
profile. It seems I've not understood how to accommodate several key 
pairs and/or certificates. Importation of a typical PKCS11 bundle 
including two CA certificates works, but a second with 3 CA certs fails, 
as does an attempt at three keys with a single certificate each.

Regards,

Gary