Create a keypair on Feitian ePass2003 tokens using OpenSC
The ePass2003 range of PKI tokens and smart cards from Feitian can be used with the OpenSC PKCS#11 and PKCS#15 utilities and libraries.
This guide explains how to initialise ePass2003 correctly for use with OpenSC.
You must initialise the token/card using the pkcs15-init command before you can create keypairs. Initialisation is covered in this guide.
Steps
- To create an RSA keypair on the token you must issue the following command:
  pkcs15-init --generate-key rsa/2048 --id 010203 --key-usage sign,decrypt --auth-id 01 --label "MyKey"
  This creates a key with the ID "010203", but you can change this to another hexadecimal ID of your choosing.
- You can extract the public key in PEM format using this command:
  pkcs15-tool --read-public-key 010203 > 010203-public.pem
- That's it! You can now use the token to perform onboard cryptographic operations. See the related topics below for more information.
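
A check to run after the export step, added here as an example and not part of the original guide or of OpenSC: it confirms that the exported file holds an RSA public key of the size requested. The function name check_pubkey is an assumption of this example, and it relies only on the openssl command-line tool.

```shell
#!/bin/sh
# Added example: confirm the public key exported from the token is the
# RSA key that was requested (rsa/2048 in the steps above).
# check_pubkey is a helper name chosen for this example; it needs only
# the openssl command-line tool and never touches the token.

check_pubkey() {
    pem=$1
    want_bits=$2

    # A failed or cancelled pkcs15-tool run still leaves the redirect
    # target behind, usually empty, so reject that first.
    [ -s "$pem" ] || { echo "$pem: missing or empty" >&2; return 1; }

    # openssl pkey refuses anything that is not a well-formed public key.
    text=$(openssl pkey -pubin -in "$pem" -noout -text 2>/dev/null) \
        || { echo "$pem: not a PEM public key" >&2; return 1; }

    # An RSA key prints a Modulus; an EC key would not.
    printf '%s\n' "$text" | grep -q 'Modulus' \
        || { echo "$pem: not an RSA key" >&2; return 1; }

    # The size line reads "Public-Key: (2048 bit)"; its prefix varies by version.
    bits=$(printf '%s\n' "$text" \
        | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ "$bits" = "$want_bits" ] \
        || { echo "$pem: $bits-bit key, expected $want_bits" >&2; return 1; }

    # Fingerprint of the DER encoding, to record alongside the key ID.
    fp=$(openssl pkey -pubin -in "$pem" -outform DER 2>/dev/null \
        | openssl dgst -sha256 | sed 's/^.*= *//')
    echo "$pem: RSA $bits bit, SHA-256(SPKI) $fp"
}

# Usage after the export step: check_pubkey 010203-public.pem 2048
```

Recording the printed fingerprint next to the key ID gives you something to compare against later if the public key file is copied between machines.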