PKCS15(7)

NAME

      pkcs15 - standard for storing information on smart cards

DESCRIPTION

      The PKCS #15 standard is available from
      http://www.rsasecurity.com/rsalabs/pkcs. This document does not try
      to cover PKCS #15 in detail; it just gives readers not familiar with
      the standard a brief overview.
 
      PKCS #15 defines a standard for how to store keys, certificates and
      possibly other data on a smart card, and how to describe certain meta
      information (such as which PIN the user needs to present before he is
      allowed to use a certain private key).
 
      A PKCS #15 compliant smart card can contain one or more applications.
      There is one ``meta directory'' that contains a list of all
      applications. On cards that support an ISO 7816 compatible file
      system, each application usually resides in a directory of its own.
 
      Within each application directory, PKCS #15 defines a structure of
      meta files (also called Directory Files) that contain information on
      objects stored on the card. For instance, there is a private key
      directory file (or PrKDF for short) that contains a list of private
      keys stored on the card. Likewise, there's a public key directory file
      (PuKDF) and a certificate directory file (CDF).
 
      One fairly important PKCS #15 directory file is the AODF, or
      authorization object directory file, which describes the PINs held by
      the card. Note the AODF does not contain the PINs themselves; this is
      something that is highly card specific. What the AODF does contain
      however is a descriptive label for each PIN, and additional
      information required to authenticate against this PIN (sorry if this
      is very vague, but unless you really want to know, we'll better leave
      it at that, for the sake of your and my sanity :-).
 
      Each object stored in a PKCS #15 structure has an ID assigned to it,
      so that related objects can reference one another. For instance, if a
      private key is protected by a PIN, the PrKDF entry for this key will
      contain an Authentication ID field that points to the AODF entry for
      this PIN.
 
      Similarly, if the card contains a certificate corresponding to a
      private key stored on this card, the CDF entry for the certificate
      will have the same ID as the PrKDF entry for the private key. The same
      is true of public key objects.
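      The two cross references described above (a PrKDF entry's
      Authentication ID pointing into the AODF, and a CDF entry sharing the
      ID of its private key) can be modelled with a few plain records. The
      following is an added example, not text from this manual page nor
      code from any PKCS #15 implementation: the record types, the
      sample card contents and the consistency check are all constructed
      for illustration, and real directory-file entries are ASN.1
      structures carrying many more attributes than shown here.

```python
"""Toy model of PKCS #15 directory-file cross references.

Added example: the classes, sample data and checks below are assumptions
made for illustration, not the layout of any real card or library.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AuthObject:
    """One AODF entry: it describes a PIN but never holds the PIN value."""
    obj_id: str
    label: str


@dataclass
class PrivateKey:
    """One PrKDF entry; auth_id is the Authentication ID into the AODF."""
    obj_id: str
    label: str
    auth_id: Optional[str]  # None models a key with no PIN protection


@dataclass
class Certificate:
    """One CDF entry; obj_id equals the ID of the matching private key."""
    obj_id: str
    label: str


@dataclass
class Pkcs15Application:
    """The directory files of one PKCS #15 application on the card."""
    aodf: List[AuthObject] = field(default_factory=list)
    prkdf: List[PrivateKey] = field(default_factory=list)
    cdf: List[Certificate] = field(default_factory=list)

    def _key(self, key_id: str) -> PrivateKey:
        key = next((k for k in self.prkdf if k.obj_id == key_id), None)
        if key is None:
            raise KeyError(f"no private key with ID {key_id}")
        return key

    def pin_for_key(self, key_id: str) -> Optional[AuthObject]:
        """Follow the PrKDF entry's Authentication ID into the AODF.

        Returns None when the key is unprotected or the reference dangles.
        """
        auth_id = self._key(key_id).auth_id
        if auth_id is None:
            return None
        return next((a for a in self.aodf if a.obj_id == auth_id), None)

    def certificate_for_key(self, key_id: str) -> Optional[Certificate]:
        """Find the CDF entry that shares the private key's object ID."""
        self._key(key_id)  # raise on unknown key IDs
        return next((c for c in self.cdf if c.obj_id == key_id), None)

    def check_consistency(self) -> List[str]:
        """Report keys that are not PIN protected and Authentication IDs
        that point at AODF entries the card does not describe."""
        problems: List[str] = []
        aodf_ids = {a.obj_id for a in self.aodf}
        for key in self.prkdf:
            if key.auth_id is None:
                problems.append(f"key {key.obj_id} ({key.label}) has no PIN")
            elif key.auth_id not in aodf_ids:
                problems.append(
                    f"key {key.obj_id} references unknown auth object "
                    f"{key.auth_id}")
        return problems


def sample_application() -> Pkcs15Application:
    """Constructed sample card contents (IDs and labels are made up)."""
    return Pkcs15Application(
        aodf=[AuthObject("01", "User PIN")],
        prkdf=[
            PrivateKey("45", "Signature key", auth_id="01"),
            PrivateKey("46", "Encryption key", auth_id="02"),  # dangles
            PrivateKey("47", "Test key", auth_id=None),         # no PIN
        ],
        cdf=[Certificate("45", "Signature certificate")],
    )


if __name__ == "__main__":
    app = sample_application()
    for key in app.prkdf:
        pin = app.pin_for_key(key.obj_id)
        cert = app.certificate_for_key(key.obj_id)
        print(key.obj_id, key.label,
              "PIN:", pin.label if pin else "-",
              "cert:", cert.label if cert else "-")
    for problem in app.check_consistency():
        print("problem:", problem)
```

      The consistency check is the part a reviewer of card contents cares
      about: a private key whose Authentication ID does not resolve to an
      AODF entry, or that carries no Authentication ID at all, is a key
      whose PIN policy cannot be determined from the directory files alone.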

BUGS

      This manual page is a little terse.
 
      The use of the term Directory File in PKCS #15 is somewhat
      unfortunate. Normally, a PKCS #15 DF is just a plain (elementary)
      file, not a directory file in the sense of ISO 7816.
