Toomas Nurmoja wrote:
The probable reason for not being able to load an applet is TPS doesn't know the key set for the card. When installed by default, TPS (the part of RHCS that knows about card) has the developer key set for the old GemAlto egate tokens, so loading should work with developer cards. Otherwise you will need the key sets for the tokens loaded into TPS (usually there is a master key that the key sets are derived from and TPS is given that master key).On Friday 04 September 2009 17:04:41 you wrote:On 09/04/2009 02:33 AM, Toomas Nurmoja wrote:Hello, we decided in our company to implement PKI. The Dogtag project with Fedora 10 was the choise. A part of this PKI implementation is to use smart card as a repository for digital signing key. The Redhat certificate system documentation (http://www.redhat.com/docs/manuals/cert-system/8.0/install/html/BeforeIn stalling.html#supported-smart-cards) states that supported is "Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key" and "The only card manager applet supported with Certificate System is the CoolKey applet which ships with Red Hat Enterprise Linux 5.3." So now I have at my desk some cards named "TOP IM FIPS CY2 Codeshield (Old name = Cyberflex 64K v2)". It follows the JC2.1 / GP2.0.1 standards (http://www.gemalto.com/products/top_javacard/). I downloaded the coolkey applet (CardEdge.1.3.473df442.ijc) from the page http://directory.fedoraproject.org/wiki/AppletInformation. And gpshell toolkit (ver 1.4.2 for WindowsXP) from http://sourceforge.net/projects/globalplatform/.Not sure about gpshell. Have never played with it. But have you tried with our esc client and pki-tps server to perform like a "format" operation of the token ?Yes I have tried. Without proper applet (coolkey) inside the smartcard the esc and pki-tps will not recognize the card. My problem is that I am not able to load this applet into the card. I have tried esc only with Fedora 10 system. My next step is to try RHEL5 with RedHat Certificate System 8.0. May-be in RHEL5 has different coolkey applet...
(NOTE: if you try to load an applet too many times with the wrong key set, you may lock the keyset in the card with no way to recover;().
Toomas _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel