An encoding description contains the information for the electronic personalization of a card. You import the encoding description from a file. This can be used in Smart ID Identity Manager.
This article describes how you create descriptions for encoding of SITHS cards using the Secmaker Net iD middleware.
Prerequisites
Smart ID IDM version
You need at least version 20.11.1 of Smart ID Identity Manager. Encoding is supported both through JPKIEncoder and Smart ID Desktop App.
SITHS Cards
This SITHS card model is supported:
- GEMALTO IDPrime SIS
Secmaker Middleware DLLs
Version 6.8.2.38 of the Secmaker middleware is supported. Note that the 64 bit DLL supplied in the installer is incompatible and a special build has to be used instead (download link supplied below).
| Architecture | DLL | Supported | Notes |
|---|---|---|---|
| 32 bit | idp11.dll |  | included in installer |
| 64 bit | idp11.dll |  | included in installer, widely incompatible with third-party software due to use of 64 bit U_LONG type - avoid this one! |
| 64 bit | iidxp11_u32.dll | | ULONG_32 build, download 6.8.2.38-iidxp11_u32.dll and copy to C:\Program Files\Net iD\iidxp11_u32.dll |
Supported Features
A strictly limited feature-set for encoding SITHS cards via the Secmaker Net iD middleware is supported, as described below.
Everything not listed below is not supported with SITHS cards / Secmaker in Smart ID Identity Manager.
Requesting One Additional Certificate
We support requesting exactly one additional certificate per SITHS card (in addition to those certificates already present).
This certificate will be written to the identification slot of the card - other slots are not supported. The identification PIN must be used.
It is mandatory that this certificate has unique key usage flags, unlike any other certificate on the same slot, if later deletion via Identity Manager is desired.
- Define like this in the encoding description:
... [Description] PKCS11LibraryWindows32=C:/Program Files (x86)/Net iD/iidp11.dll # path to ULONG_32 build of the DLL PKCS11LibraryWindows64=C:/Program Files/Net iD/iidxp11_u32.dll ApplicationList=A # note: replace example PIN definition PIN=#000000 [Application_A] # set your cert template here CertTempl=CERT_TEMPLATE_NAME_GOES_HERE # we do not support writing CA certificates, so always set StoreUserCertOnly to true StoreUserCertOnly=true # we must use an existing key pair UseExistingKeyPair=true # we must read the existing key ID ReadExistingPublicKeyID=true # cert label must be "identification" LabelTemplate=fixtext=identification # we must use the public key with the label "idenfification" ObjectCriteria=CKO_PUBLIC_KEY,CKA_LABEL,string,"identification" # we must return the public key to a field PubKeyReturnField=FIELD_NAME_FOR_PUBLIC_KEY_GOES_HERE
Certificate Deletion By Exact Key Usage Match
We support deletion of certificate(s) from the identification slot of the card by specifying the unique key usage flags of the certificate(s) to be removed.
Deletion from other slots is not supported. The identification PIN must be used.
- Define like this in the encoding description:
... [Description] PKCS11LibraryWindows32=C:/Program Files (x86)/Net iD/iidp11.dll # path to ULONG_32 build of the DLL PKCS11LibraryWindows64=C:/Program Files/Net iD/iidxp11_u32.dll ApplicationList=A # note: replace example PIN definition PIN=#000000 [Application_A] # activate deletion DeleteCertKeyObjects=true # do not delete key, only the cert DeleteCertsOnly=true # the key usages here are just an example! they must UNIQUELY match only those certificates you wish to delete! # the following line would only match those certs that have # both keyEncipherment and dataEncipherment, but no other key usages set: DeleteCertKeyObjectsCriteria=Key_Usage(keyEncipherment,dataEncipherment)
This article is valid for Smart ID 20.11.1 and later.