Encryption/Decryption with Feitian ePass2003 tokens using OpenSC
The ePass2003 range of PKI tokens and smart cards from Feitian can be used with the OpenSC PKCS#11 and PKCS#15 utilities and libraries.
This guide shows you how to leverage the token to decrypt some data that has been encrypted with the public key using another tool.
You must initialise the token/card and create the encryption keys before following the steps in this guide. Guides for these steps can be found in Related Topics below.
Steps
- Assuming you have the public key exported to the file 010203-public.pem from the previous guide, you can encrypt data using any tool which accepts a PEM-encoded public key. Here we will use the OpenSSL toolkit as an example.
- Here we will encrypt a file using the openssl rsautl tool (replace INPUT_FILENAME with a file of your choosing):

    openssl rsautl -in INPUT_FILENAME -encrypt -pkcs -pubin -inkey 010203-public.pem -out encrypted.bin

  You will now have your encrypted data in the file encrypted.bin, which we can decrypt using the private key onboard the token (replace OUTPUT_FILENAME with a filename of your choosing):

    pkcs15-crypt --decipher --key 010203 --pkcs1 --raw --input encrypted.bin > OUTPUT_FILENAME
- That's it! Your decrypted data will be in OUTPUT_FILENAME.
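The two commands above combined into one round-trip check, added here as an example and not part of the original guide. It first confirms the input fits in a single RSA block with PKCS#1 v1.5 padding (modulus length minus 11 bytes), which is the size limit for the encryption step; the function names and the decrypted.out file name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: encrypt with the exported public key, decrypt on the
# token, and compare the result with the original input.

# Modulus length in bytes, from the "Modulus=<hex>" line printed by
# `openssl rsa -pubin -noout -modulus`.
modulus_bytes() {
    hex=${1#Modulus=}
    echo $(( (${#hex} + 1) / 2 ))
}

# PKCS#1 v1.5 encryption padding takes at least 11 bytes of the block.
max_plaintext_bytes() {
    echo $(( $(modulus_bytes "$1") - 11 ))
}

# Succeeds if an input of $1 bytes fits in one block for modulus line $2.
fits_in_one_block() {
    [ "$1" -le "$(max_plaintext_bytes "$2")" ]
}

# roundtrip INPUT_FILENAME PUBLIC_KEY_PEM KEY_ID
# Returns 0 if the token's decryption matches the input, 1 if the input
# is too large or the output differs, 2 if a tool failed.
roundtrip() {
    src=$1 pub=$2 key_id=$3
    mod=$(openssl rsa -pubin -in "$pub" -noout -modulus) || return 2
    size=$(wc -c < "$src" | tr -d ' ')
    if ! fits_in_one_block "$size" "$mod"; then
        echo "input is $size bytes; limit is $(max_plaintext_bytes "$mod")" >&2
        return 1
    fi
    openssl rsautl -in "$src" -encrypt -pkcs -pubin -inkey "$pub" \
        -out encrypted.bin || return 2
    pkcs15-crypt --decipher --key "$key_id" --pkcs1 --raw \
        --input encrypted.bin > decrypted.out || return 2
    cmp -s "$src" decrypted.out
}

# Runs only when called as: script INPUT_FILENAME 010203-public.pem 010203
if [ "$#" -eq 3 ]; then
    roundtrip "$1" "$2" "$3" && echo "round trip OK"
fi
```

For data larger than the limit, the usual approach is to encrypt the data with a symmetric key and use the token's key pair only to protect that symmetric key.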