Scenario 5: importing 3DES key

OpenSC is able to generate RSA keys using the embedded processor, not 3DES keys.
To use 3DES keys, we need to generate and import them to smartcard/token.

Generate a 3des key using OpenSSL:

$ openssl rand 24 -out 3des.key

Import the 3DES key as an independant object and write private flag to forbid the user from reading it back:

$ pkcs11-tool -v --module opensc-pkcs11.so --slot 1 --label "3deskey" --write-object 3des.key --type data --private --login --pin 0000

Now dump content of card/token:

$ pkcs15-tool --dump

Using reader with a card: Feitian ePass2003 00 00
PKCS#15 Card [François Pérou]:
Version : 0
Serial number : 2431330916091101
Manufacturer ID: EnterSafe
Last update : 20111231100514Z
Flags : EID compliant

PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Path : 3f005015

Reading data object <0>
applicationName: 3deskey
Label: 3deskey
applicationOID: NONE
Path: 3f0050153400
Auth ID: 01

The 3DES key is installed and usable by the smartcard and OpenSSL crytoengine.

It can also be retrieved using a PIN code and therefore is not completely hidden:

$ pkcs15-tool --read-data-object "3deskey" -o welcome-back.txt

Bookmark/Search this post with

Learn how to buy without VAT. Read our shipping policies. Validate your account using SMS to allow shipping small items at low price.

Feitian PKI: 12.90€

Buy the FEITIAN PKI card for only 12.90€. We ship to any European-Union country starting from 0.90 €. Learn more ...

Feitian ePass PKI token: 34.90€

Discover the best token for GNU/Linux, Mac OS X and Windows. Full support from OpenSC free software solutions, no proprietary driver needed.

PIN code security.
RSA keys up to 2048bit.
Standard X.509 v3 certificates.
On-board RSA DES 3DES SHA1.
Both PKCS#11 and MS-CAPI.
64K user space.
Compatible with: Iceweasel, Firefox, Evolution, Seahorse, OpenSSL, OpenSSH, PAM P11 and PAM PKCS11 authentication modules, Strongswan, Putty CAC, WinSCP, LoopAES, Truecrypt, etc...
Tested with online CAs like CaCert.org and StartSSL.

Buy the FEITIAN ePass PKI token for only 34.90€ ... 30 day satisfied or cash back.

Fast delivery
Order placed on GOOZE before 15:00 are shipped the same day. Orders placed after 15:00 are shipped next business day.

Apply for a free FEITIAN PKI card

GOOZE and FEITIAN are happy to donate 20 Feitian PKI cards to Free Software projects. If your project meets certain criteria, please apply for a free card.

Translating GOOZE

GOOZE is being translated into French. Thank you for your patience!

Scenario 5: importing 3DES key

Catalog

My account

Upcoming events

Feitian PKI: 12.90€

Feitian ePass PKI token: 34.90€

Apply for a free FEITIAN PKI card

Translating GOOZE