Create a keypair on Feitian ePass2003 tokens using OpenSC

The ePass2003 range of PKI tokens and smart cards from Feitian can be used with the OpenSC PKCS#11 and PKCS#15 utilities and libraries.

This guide explains how to initialise ePass2003 correctly for use with OpenSC.


  1. To create an RSA keypair on the token you must issue the following command:

    pkcs15‑init ‑‑generate‑key rsa/2048 ‑‑id 010203 ‑‑key‑usage sign,decrypt ‑‑auth‑id 01 ‑‑label "MyKey"

    This creates a key with the ID "010203" but you can change this to another hexadecimal ID of your choosing.

  2. You can extract the public key in PEM format using this command:

    pkcs15‑tool ‑‑read‑public‑key 010203 > 010203‑public.pem
  3. That's it! You can now use the token to perform onboard cryptographic operations. See the related topics below for more information.

Related Topics