Deleting certificates on Feitian PKI card impossible? [normal behavior]

Using the Feitian PKI Card for a few months with Ubuntu 11.04, I tried to "clean up" the card by deleting a few certificates stored on the card.

pkcs15-tool -D says:
X.509 Certificate [Certificate]
Object Flags : [0x2], modifiable
Authority : no
Path : 3f0050153102
ID : 194e456d2dab34369a1c3cce86c546d8cf1b5c5e
GUID : {194e456d-2dab-3436-9a1c-3cce86c546d8}
Encoded serial : 02 02 00C7

I try to delete this certificate with
pkcs15-init --delete-objects cert --id 194e456d2dab34369a1c3cce86

but this yields the following error:
Using reader with a card: SCM SCR 335 [CCID Interface] (21120813300614) 00 00
Failed to delete object 0: Not supported
Deleted 0 objects
Failed to delete object(s): Not supported

Is it not possible to delete certificates on a Feitian PKI card?

Software versions used:
pcsc-lite version 1.7.0.
opensc 0.12.2 [gcc 4.5.2]

Thanks for your advice,
Christian

Re: Deleting certificates on Feitian PKI card impossible?

This is a security feature: RSA keys and X.509 certificates cannot be deleted, to avoid any attack where the attacker would replace the certificate. But you can erase the smartcard.

Re: Deleting certificates on Feitian PKI card impossible?

Thanks for this clarification.

Perhaps you should state this also in your smartcard tutorial at
http://www.gooze.eu/howto/smartcard-quickstarter-guide/deleting-objects-...

Here, it looks like it is possible to delete certificates.

Best regards,
Christian

Re: Deleting certificates on Feitian PKI card impossible?

Documentation updated, thanks.

I hope that this can change in the future:
* allow deletion of objects when the card is not finalized.
* disallow it when the card is finalized.