Skip to content

Feitian ePass2003

Jump to bottom
Jakub Jelen edited this page Aug 21, 2023 · 17 revisions

Feitian ePass2003

Feitian offers the ePass2003, a USB crypto token with high performance smart card chip and CCID interface.

The ePass2003 is the successor of the ePass PKI and the ePass3000, and was released to the public in December 2011.
The ePass2003 relies on one single ST Microelectronics chip, designed in Europe with Common Criteria EAL 5+ certification.
It weights only 6 gr and fits very well into a key ring with only 53 mm lenght, thus being one of the smallest tokens available to date.

The ePass2003 was designed for Free Software communities, especially the OpenSC community to provide a “universal” cryptographic token.

Feitian offers Windows CSP drivers and also provides Linux and Mac OS X drivers.

On the other hand, Feitian takes an active part in the development of OpenSC, offering a free sofware driver to the OpenSC community. The driver of ePass2003 in OpenSC is called “epass2003”. It is currently available from GIT and being reviewed for inclusion in OpenSC. GOOZE and Feitian take active part in the OpenSC project.

This gives users the ability to use either proprietary or open-source software, which is the best to answer all needs. For example, under Windows7, drivers(Microsoft Minidriver) are distributed using Windows update, requiring no actions from users.

Compilation instructions:
Please check openSC official website.

Product page:
http://ftsafe.com/products/PKI/Standard
Buy samples: http://ftsafe.com/onlinestore/index

Setting up the token

The token can be set up using standard OpenSC tools, such as pkcs15-init. The token is using default transport keys (unless changed) so we can start with erasing the card:

$ pkcs15-init -E -T

After that we need to create the pkcs15 filesystem and PINs:

$ pkcs15-init —create-pkcs15 -T -p pkcs15+onepin —pin 123456 —puk 12345678

To generate RSA key pair on the token:

$ pkcs15-init —generate-key rsa/2048 -l “RSA2k key” -a 01 -i 01 —so-pin 12345678 —pin 123456 $ pkcs15-init —generate-key rsa/2048 -l “RSA2k encryption key” -a 01 -i 02 —pin 123456 —key-usage decrypt

The newer tokens support also Elliptic curves. To generate a EC key, use the similar command:

$ pkcs15-init —generate-key ec/prime256v1 -a 01 -i 03 —pin 123456

The driver also supports loading existing keys to the token with the following command:

$ pkcs15-init —store-private-key rsa-key.pem -a 01 —key-usage sign,decrypt —pin 123456

FAQ

For users which get the error “Failed to erase card: Security status not satisfied” while erasing card, please download fix tool from below. After running fix-tool as root, please do remove and re-plug the token/card.
The tool which addresses the issue below:
With x86 and x64: Download fix_tool
With armhf arch: Download fix_tool

Thanks

Big thanks to GOOZE and Feitian, for their technical help and donating hardware tokens.

Warning: Due to attempts to plant malicious links to our wiki, it is no longer open to anyone to edit. If you want to contribute to this, wiki, please open a pull request here: https://github.com/OpenSC/Wiki

Quick Start

User Documentation

Developer Documentation

Clone this wiki locally