Create a keypair on Feitian ePass2003 tokens using OpenSC

The ePass2003 range of PKI tokens and smart cards from Feitian can be used with the OpenSC PKCS#11 and PKCS#15 utilities and libraries.

This guide explains how to initialise ePass2003 correctly for use with OpenSC.

Steps

  1. To create an RSA keypair on the token, run the following command:

    pkcs15-init --generate-key rsa/2048 --id 010203 --key-usage sign,decrypt --auth-id 01 --label "MyKey"

    This creates a key with the ID "010203" but you can change this to another hexadecimal ID of your choosing.

  2. You can extract the public key in PEM format using this command:

    pkcs15-tool --read-public-key 010203 > 010203-public.pem

  3. That's it! You can now use the token to perform onboard cryptographic operations. See the related topics below for more information.
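
A check worth running after step 2, as an added example that is not part of the original guide: because step 2 writes through a shell redirect, a failed read still leaves a (possibly empty) `010203-public.pem` behind. The hypothetical `check_pubkey` function below assumes the OpenSSL command-line tool is installed; it confirms the file holds an RSA public key of the requested size and prints a SHA-256 fingerprint of the key that you can record for later comparison.

```shell
#!/bin/sh
# Added example (not from the original guide).
# check_pubkey FILE [BITS]
#   Verifies that FILE is a PEM RSA public key of BITS bits (default 2048)
#   and prints the SHA-256 fingerprint of its DER encoding.
#   Return codes: 0 ok, 1 unreadable/empty, 2 not RSA, 3 wrong size.
check_pubkey() {
    pem=$1
    want_bits=${2:-2048}

    # Parsing fails on an empty file or anything that is not a public key,
    # which is what a failed "pkcs15-tool ... > file" leaves behind.
    text=$(openssl pkey -pubin -in "$pem" -noout -text 2>/dev/null) || {
        echo "error: $pem is not a readable PEM public key" >&2
        return 1
    }

    # RSA keys print a "Modulus:" section; other key types do not.
    printf '%s\n' "$text" | grep -q '^Modulus:' || {
        echo "error: $pem is not an RSA key" >&2
        return 2
    }

    # The header line reads "Public-Key: (N bit)", optionally prefixed "RSA ".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ "$bits" = "$want_bits" ] || {
        echo "error: expected $want_bits-bit key, found ${bits:-unknown}" >&2
        return 3
    }

    # Fingerprint the DER-encoded SubjectPublicKeyInfo, not the PEM text,
    # so whitespace or line-ending changes do not alter the value.
    openssl pkey -pubin -in "$pem" -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage after step 2:
#   check_pubkey 010203-public.pem 2048
```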

Related Topics