#
# here are some notes i have gathered for a project attempting
# to use the cryptoflex crypto-smart cards for a project
#
# using the commands below, i went from a blank card
# to generating a key, and encrypting and verifying in all the
# ways that matter..
#
# -phar
# phar[at]stonedcoder[dot]org
#

#blank out the card, it will still ask for a transport key
# 2c:15:e5:26:e9:3e:8a:19

#wipe the card, prepare it for use
pkcs15-init -EC

#set a pin for the first user ID
pkcs15-init -P -a 1 -l "my pin"

#generate a key
# (without -x509 this writes a certificate request, not a certificate, to cert.pem)
openssl req -newkey rsa:1024 -keyout mykey.pem -out cert.pem

#move the private key to the card
pkcs15-init -S mykey.pem -a 1 -u sign,decrypt

#view the keys
pkcs15-tool --list-key

root@rivest keys # pkcs15-tool --list-key
Private RSA Key [Private Key]
    Com. Flags  : 3
    Usage       : [0x22E], decrypt, sign, signRecover, unwrap, nonRepudiation
    Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    ModLength   : 1024
    Key ref     : 0
    Native      : yes
    Path        : 3f0050154b0130450012
    Auth ID     : 01
    ID          : 45

# extract the public key
pkcs15-tool --read-public-key 45 -o pubkey.pem

#encrypt data for the card
# (rsautl -encrypt only uses the public half of mykey.pem)
openssl rsautl -encrypt -in test.txt -inkey mykey.pem -out cypher -pkcs

#decrypt the data using the card
pkcs15-crypt -c -i cypher --pkcs1 -o cleartextout

#have the card sign data
# (with --sha-1 the input file is the raw hash, not the document)
openssl sha1 -binary test.txt > test.sha1
pkcs15-crypt -s --sha-1 -i test.sha1 --pkcs1 -o test.sig

#verify the signature
openssl dgst -sha1 -verify pubkey.pem -signature test.sig test.txt
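The Usage and Access Flags values in the --list-key output above are bit masks. The following is an added example (not part of the original notes) that decodes them and reports whether the card marks each key as extractable; the function names are made up for this example and the sample input is the listing reproduced from the notes.

```shell
# Bit names, lowest bit first, per PKCS#15, spelled the way pkcs15-tool prints them.
USAGE_BITS="encrypt decrypt sign signRecover wrap unwrap verify verifyRecover derive nonRepudiation"
ACCESS_BITS="sensitive extractable alwaysSensitive neverExtract local"

# decode_flags HEX "NAMES": print the names of the bits set in HEX, comma-separated.
decode_flags() {
    value=$(( $1 )) bit=1 out=""
    for name in $2; do
        if [ $(( value & bit )) -ne 0 ]; then out="${out:+$out,}$name"; fi
        bit=$(( bit * 2 ))
    done
    printf '%s\n' "$out"
}

# audit_keys (hypothetical name): read the listing on stdin, print one line per key.
audit_keys() {
    usage=0x0 access=0x0 bits=unknown
    while IFS= read -r line; do
        line=${line#"${line%%[![:space:]]*}"}      # strip leading whitespace
        val=${line#*: }                            # text after "name : "
        case $line in
            "Usage"*)        usage=${val#\[};  usage=${usage%%\]*} ;;
            "Access Flags"*) access=${val#\[}; access=${access%%\]*} ;;
            "ModLength"*)    bits=$val ;;
            "ID"*)           # ID is the last field of each key block
                case ",$(decode_flags "$access" "$ACCESS_BITS")," in
                    *,extractable,*) verdict=EXPORTABLE ;;
                    *)               verdict=card-bound ;;
                esac
                names=$(decode_flags "$usage" "$USAGE_BITS")
                printf 'id=%s bits=%s %s usage=%s\n' "$val" "$bits" "$verdict" "$names"
                usage=0x0 access=0x0 bits=unknown ;;
        esac
    done
}

# Constructed sample input: the listing reproduced from the notes above.
sample_listing() { cat <<'EOF'
Private RSA Key [Private Key]
    Com. Flags  : 3
    Usage       : [0x22E], decrypt, sign, signRecover, unwrap, nonRepudiation
    Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
    ModLength   : 1024
    Key ref     : 0
    Native      : yes
    Path        : 3f0050154b0130450012
    Auth ID     : 01
    ID          : 45
EOF
}
sample_listing | audit_keys
```

The verdict reflects only the flags stored with the on-card object: in these notes the key was generated with openssl and then imported, so mykey.pem is still a copy on disk.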