Create a keypair on Feitian ePass2003 tokens using OpenSC
The ePass2003 range of PKI tokens and smart cards from Feitian can be used with the OpenSC PKCS#11 and PKCS#15 utilities and libraries.
This guide explains how to create an RSA keypair on an ePass2003 that has been initialised for use with OpenSC.
IMPORTANT: You must initialize the token/card using the pkcs15-init command before you can create keypairs. The guide for this is here.
Steps
Step 1. To create an RSA keypair on the token you must issue the following command:
pkcs15-init --generate-key rsa/2048 --id 010203 --key-usage sign,decrypt --auth-id 01 --label "MyKey"
This creates a key with the ID "010203"; you can substitute another hexadecimal ID of your choosing.
Step 2. You can extract the public key in PEM format using this command:
pkcs15-tool --read-public-key 010203 > 010203-public.pem
That's it! You can now use the token to perform onboard cryptographic operations – please see Related Topics for more information.
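The two steps above as a script that rejects a non-hexadecimal key ID before touching the token and then checks that the exported file really is a 2048-bit RSA public key. This is an added example, not part of the original guide or of OpenSC; the function names are hypothetical, and the check assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the pkcs15-init and
# pkcs15-tool options are exactly those used in Steps 1 and 2.

# Accept only hexadecimal key IDs. Requiring whole bytes (even length)
# is a choice made by this example.
valid_key_id() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# Step 1: generate the keypair on the token.
generate_key() {    # $1 = key ID, $2 = label
    valid_key_id "$1" || { echo "key ID must be hexadecimal: $1" >&2; return 2; }
    pkcs15-init --generate-key rsa/2048 --id "$1" \
        --key-usage sign,decrypt --auth-id 01 --label "$2"
}

# Step 2: export the public key to <id>-public.pem.
export_public_key() {    # $1 = key ID
    valid_key_id "$1" || return 2
    pkcs15-tool --read-public-key "$1" > "$1-public.pem"
}

# Confirm the PEM file holds an RSA public key of the expected size.
# Assumes the openssl CLI is installed (it is not part of OpenSC).
check_public_key() {    # $1 = PEM file, $2 = bits
    text=$(openssl pkey -pubin -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q "Public-Key: ($2 bit)" &&
        printf '%s\n' "$text" | grep -q '^Modulus:'
}

# SHA-256 of the DER-encoded public key, for recording which key is on which token.
public_key_fingerprint() {    # $1 = PEM file
    openssl pkey -pubin -in "$1" -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# With a token inserted:
#   generate_key 010203 "MyKey" && export_public_key 010203 &&
#       check_public_key 010203-public.pem 2048 &&
#       public_key_fingerprint 010203-public.pem
```

Recording the fingerprint at generation time lets you later confirm that a public key or certificate request presented to you belongs to the key held on this token.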