No sub-articles
Browse articles in this level »
New article next to Working with Feitian PKI New article below Working with Feitian PKI 

  Special Thanks
==============

The initialisation of smart-card presented here has been taken (in a slightly modified form) from the Gooze website. The original post can be found [here](http://www.gooze.eu/howto/smartcard-quickstarter-guide/smart-card-initialization). Many thanks for concise and precise information.


Features
========

The Feitian PKI smart card features support for generating the RSA keys of up to 2048 bits, but with the limitation of supporting only a single PIN/PUK code (at this time no support for security officer PIN/PUK).


Requirements
============

For Debian Squeeze you may find that using more recent [OpenSC package](/FreeSoftwareX509Cookbook/x509_infrastructure/smart_card/preparing_the_environment/) will give you a more pleasant experience with this smart card.


Initialising the Card
=====================

The first step is to erase the contents of the smart card with:

```
$ pkcs15-init --erase-card
```

If the card has already been initialised, you will be prompted for the PIN code you've used earlier.

Now comes the initialisation of the PKCS#15 structure on the smart card. It is useful to create a configuration file for this step which will include the user's PIN/PUK codes:

```
# ~/card_options.conf
----BEGIN----
pin {{pin_code}}
puk {{puk_code}}
-----END-----
```

Replace the parameters *pin_code* and *puk_code* with user's PIN and PUK codes.

```
$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --options-file ~/card_options.conf
```

Finally, securely remove the configuration file for this particular smart card:

```
$ shred -z -u -n10 ~/card_options.conf
```

The smart card is now initialised, and it can be used for storing private keys, public keys, and certificates. Multiple key/certificate pairs can be stored in the single slot it provides.