No sub-articles
Browse articles in this level »
New article next to Working with Feitian ePass2003 New article below Working with Feitian ePass2003 

  Special Thanks
==============

The initialisation of smart-card presented here has been taken (in a slightly modified form) from the Gooze website. The original post can be found [here](http://www.gooze.eu/howto/smartcard-quickstarter-guide/smart-card-initialization). Many thanks for concise and precise information. I'd also like to thank the guys behind Gooze for providing me with two tokens free of charge, and especially for handing out a number of those at FOSDEM 2012.

Features
========

The Feitian ePass2003 USB token features support for generating the RSA keys of up to 2048 bits, but with the limitation of supporting only a single PIN/PUK code (i.e. no security officer PIN/PUK). The token itself is CCID compliant.

Requirements
============

For Debian Squeeze you'll need a more recent [OpenSC package](/FreeSoftwareX509Cookbook/x509_infrastructure/smart_card/preparing_the_environment/) in addition to common requirements.

In addition to that you'll need more recent version of the pcsc-lite and libccid package. Below you'll find instructions on how to rebuild them as well.


Rebuilding the pcsc-lite Packages
---------------------------------

Install the required dependencies with:

```
? root
$ apt-get build-dep pcsc-lite
```

Prepare the build directories, download the sources, and build the package:

```
----BEGIN----$
mkdir ~/src/
cd ~/src/
apt-get source pcsc-lite
cd ~/src/pcsc-lite-1.8.1/
dpkg-buildpackage -rfakeroot -b
-----END-----$
```

You should now have the package build and ready in directory:

```
# ~/src/
```

This package should be copied over to destination machines and then installed with:

```
? root
$ dpkg -i {{package}}
```

Replace the parameter *package* with the resulting filename of the Debian package.

Rebuilding the libccid
----------------------

Prior to proceeding with the rebuild of *libccid*, you'll have to install the custom-built development packages from the previous step (the *pcsc-lite* packages).

Install the remaining required dependencies with:

```
? root
$ apt-get build-dep libccid
```

Prepare the build directories, download the sources, and build the package:

```
----BEGIN----$
mkdir ~/src/
cd ~/src/
apt-get source libccid
cd ~/src/ccid-1.4.5/
dpkg-buildpackage -rfakeroot -b
-----END-----$
```

You should now have the package built and ready in directory:

```
# ~/src/
```

This package should be copied over to destination machines and then installed with:

```
? root
$ dpkg -i {{package}}
```

Replace the parameter *package* with the resulting filename of the Debian package.


Initialising the Card
=====================

The first step is to erase the contents of the smart card with:

```
$ pkcs15-init --erase-card
```

If the card has already been initialised, you will be prompted for the PIN code you've used earlier.

Now comes the initialisation of the PKCS#15 structure on the smart card. It is useful to create a configuration file for this step which will include the user's PIN/PUK codes:

```
# ~/card_options.conf
----BEGIN----
pin {{pin_code}}
puk {{puk_code}}
-----END-----
```

Replace the parameters *pin_code* and *puk_code* with user's PIN and PUK codes.

```
$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --options-file ~/card_options.conf
```

Finally, you'll want to remove the configuration file for this particular smart card (in a safe manner):

```
$ shred -z -u -n10 ~/card_options.conf
```

The smart card is now initialised, and it can be used for storing private keys, public keys, and certificates. Multiple key/certificate pairs can be stored in the single slot it provides.