Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Encoding description templates in Identity Manager

Owned by Ann Base (Deactivated)
Last updated: Dec 18, 2023 by Josefin Klang (Deactivated)
2 min read

An encoding description contains the information for the electronic personalization of a card. You import the encoding description from a file. This can be used in Smart ID Identity Manager (PRIME).

This article describes some simple use cases as templates for basic encoding descriptions. These templates are complete in the sense that they can be used "as is", but they cover only simple use-cases.



To create an encoding:

  1. Copy the code block into a text file and save it with the ending .dsc

  2. Zip the file to create a .dsz

  3. Upload it as you create a new encoding in Identity Manager Admin, see Set up card encoding description template in Identity Manager.



To update an existing encoding:

  1. Copy the code block and insert it in an selected existing encoding in Identity Manager Admin, see Set up card encoding description template in Identity Manager.



The use case is to set the PIN on an already initialized card, where

  • the PUK is provided from the application

  • the PIN is set by the user locally in a popup showing two fields, so that the user needs to confirm the PIN as well.

  1. Define like this in the encoding description:

    [Encoding] Type=1024,Chip Devices=8710 [Fields] PUKField= [Description] PKCS11Library=cvP11.dll SetPIN=true InitialPUK=PUKField PIN=!FROM_USER_DIALOG_2_FIELD





The use case is to change the PIN on an already initialized card, where

  • the PIN is set by the user locally in a popup showing three fields (Old PIN, New PIN and Confirmation of PIN).

  1. Define like this in the encoding description:

    [Encoding] Type=1024,Chip Devices=8710   [Fields]   [Description] PKCS11Library=cvP11.dll SetPIN=true PIN=!FROM_USER_DIALOG_3_FIELD





The use case is to:

  • initialize the card,

  • generate two key pairs on the smartcard,

  • request two certificates by PKCS#10 and

  • write them to the card (by use of certificate templates defined in Identity Manager Admin: "authentication": AuthCertificate and "signature": NonRepudiationCertificate),

    • where initial PIN and PUK are provided by the application

  1. Define like this in the encoding description:

    [Encoding] Type=1024,Chip Devices=8710 [Fields] AuthCertificate.DN= NonRepudiationCertificate.DN= PINField= PUKField= [Description] PKCS11Library=cvP11.dll ; Card initializaion, set initial PIN & PUK provided by server application, hard coded initial label InitToken=true InitialPUK=PUKField SetPin=true PIN=PINField InitialLabel=#neXus ClearFields=PINField,PUKField Applicationlist=AB [Application_A] CertTempl=AuthCertificate [Application_B] CertTempl=SigCertificate

    See also Certificates and keys in Identity Manager, section "PKCS#10 requests".



Related information

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions