diff --git a/doc/examples/create-files-demo.cxx b/doc/examples/create-files-demo.cxx
index 8751e52..e6bd53f 100644
--- a/doc/examples/create-files-demo.cxx
+++ b/doc/examples/create-files-demo.cxx
@@ -38,7 +38,10 @@ void list() {
 
 int main(int argc, char** argv) try {
   int reader(0);
+  std::string pin;
   std::string path("3f005015");
+  std::string id("8888");
+  std::string data("Hallo Welt");
   mrw::args::parse(argc, argv, "Write data to card.",
                    mrw::args::defaults()
                    <<mrw::args::decl("l", "list", "list readers",
@@ -51,6 +54,15 @@ int main(int argc, char** argv) try {
                    <<mrw::args::decl("p", "path", "full path",
                                      mrw::args::decl::param_list()
                                      <<mrw::args::param(path, "path"))
+                   <<mrw::args::decl("l", "pin", "full path",
+                                     mrw::args::decl::param_list()
+                                     <<mrw::args::param(path, "path"))
+                   <<mrw::args::decl("i", "id", "file id",
+                                     mrw::args::decl::param_list()
+                                     <<mrw::args::param(id, "file"))
+                   <<mrw::args::decl("d", "data", "data",
+                                     mrw::args::decl::param_list()
+                                     <<mrw::args::param(data, "text"))
                    );
   pcsc::Connection c;
   pcsc::Connection::Strings readers(c.scan());
@@ -62,9 +74,17 @@ int main(int argc, char** argv) try {
   //cardos::BerValues d(cmd.directory(path));
   //cardos::BerValues d(cmd.readBerFile(path));
   //std::cout<<d.print()<<std::endl;
-  std::string res(cmd.readBinary(path));
-  std::cout<<"HEX:"<<std::endl<<crypto::readable(res)<<std::endl;
-  std::cout<<"BER:"<<std::endl<<cardos::BerValues(res).print()<<std::endl;
+  //std::string res(cmd.readBinary(path));
+  //std::cout<<"HEX:"<<std::endl<<crypto::readable(res)<<std::endl;
+  //std::cout<<"BER:"<<std::endl<<cardos::BerValues(res).print()<<std::endl;
+  if (!pin.size()) {
+    std::cout<<"PIN: ";
+    std::cin>>pin;
+  }
+  if (pin.size()) cmd.logonTransport(pin);
+  cmd.phaseControl();
+  cmd.createBinary(path, id, data);
+  cmd.phaseControl();
   return 0;
  } catch (std::exception& x) {
   std::cerr<<"ERROR: "<<x.what()<<std::endl;
diff --git a/src/cardos.hxx b/src/cardos.hxx
index 5d0cbec..f8a391c 100644
--- a/src/cardos.hxx
+++ b/src/cardos.hxx
@@ -15,8 +15,12 @@
 #include <stdexcept>
 
 #ifndef CARDOS_LOG
-#define CARDOS_LOG(X) // no logging by default
+#  ifdef DEBUG_SECRETS
+#    define CARDOS_LOG(X) std::clog<<X<<std::endl
+#  else
+#    define CARDOS_LOG(X) // no logging by default
 // use e.g. #define CARDOS_LOG(X) std::clog<<X<<std::endl
+#  endif
 #endif
 
 /** @defgroup gcardos C++ Access to Siemens CardOS 4.4
@@ -98,6 +102,13 @@ namespace cardos {
       }
   };
   //----------------------------------------------------------------------------
+  class too_large_for_tlv: public wrong_dataformat {
+    public:
+      too_large_for_tlv(const std::string& data) throw():
+          wrong_dataformat(data, "data size too long for TLV") {
+      }
+  };
+  //----------------------------------------------------------------------------
   class array_range: public exception {
     public:
       array_range(unsigned int i, unsigned int j) throw():
@@ -193,6 +204,9 @@ namespace cardos {
       
       BerValue(unsigned char tag, const std::vector<BerValue>& values):
           _tag(tag), _sequence(values) {
+        if (!isContainer())
+          throw runtime_error("BER tag 0x"+crypto::binToHex(tag)
+                              +" is not a container");
       }
       
       unsigned char tagClass() {
@@ -224,16 +238,22 @@ namespace cardos {
         return _sequence[i];
       }
 
-      operator std::string() {
+      std::string binary() {
         std::string res;
         res.push_back(_tag);
         if (isContainer()) {
+          std::string seq;
           for (std::vector<BerValue>::iterator it(_sequence.begin());
                it!=_sequence.end(); ++it) {
-            res += *it;
+            seq += it->binary();
           }
+          if (seq.size()>255) throw too_large_for_tlv(seq);
+          res += (char)seq.size();
+          res += seq;
         } else {
-          (res += (char)_value.size()) += _value;
+          if (_value.size()>255) throw too_large_for_tlv(_value);
+          res += (char)_value.size();
+          res += _value;
         }
         return res;
       }
@@ -345,10 +365,20 @@ namespace cardos {
         while (contentCopy.size()) push_back(BerValue(contentCopy));
         return *this;
       }
+      BerValues& operator+=(const BerValue& value) {
+        push_back(value);
+        return *this;
+      }
       BerValues& operator+=(const BerValues& values) {
         insert(end(), values.begin(), values.end());
         return *this;
       }
+      std::string binary() {
+        std::string res;
+        for (BerValues::iterator it(begin()); it!=end(); ++it)
+          res += it->binary();
+        return res;
+      }
       std::string print(int indent=0, int indentStep = 4) {
         std::stringstream ss;
         if (size()==1) {
@@ -639,10 +669,14 @@ namespace cardos {
         if (path.size()) select(path);
         BerValues c;
         c += BerValue(0x80, crypto::toBinary(data.size()));
+        c += BerValue(0x82, crypto::hexToBin("01"));
         std::string idbin(crypto::hexToBin(id));
         if (idbin.size()!=2) throw runtime_error("file id must be two bytes");
         c += BerValue(0x83, idbin);
-        check(send(0x00, 0xE0, 0x00, 0x00, BerValue(82, c)));
+        c += BerValue(0x85, std::string(1, (char)(1<<7)));
+        c += BerValue(0x86, crypto::hexToBin("00000000000000"));
+        check(send(0x00, 0xE0, 0x00, 0x00, BerValue(0x62, c).binary()));
+        updateBinary(data);
       }
 
       //! Deactivates a file or a file tree
@@ -853,7 +887,7 @@ namespace cardos {
 
       //! Changes from life cycle phase ADMINISTRATION to OPERATIONAL
       //! and vice versa.
-      /*! The command changes theglobal life cycle phase of the smart
+      /*! The command changes the global life cycle phase of the smart
           card from ADMINISTRATION to OPERATIONAL. This change is
           permanently valid for all DFs and will be stored in EEPROM,
           i.e. this life cycle phase is still valid after a reset of
@@ -1187,7 +1221,7 @@ namespace cardos {
 
       /// Generic select file
       void select(std::string path) {
-        CRYPTOLOG("log");
+        CRYPTOLOG("log: select "<<path);
         check(send(0x00, 0xA4, 0x08, 0x0C, crypto::hexToBin(path)));
       }
 
diff --git a/src/cryptaux.hxx b/src/cryptaux.hxx
index 8421e3e..46d7be3 100644
--- a/src/cryptaux.hxx
+++ b/src/cryptaux.hxx
@@ -171,6 +171,7 @@ namespace crypto {
       res[bytes-i-1] = data&0xff;
       data>>=8;
     }
+    return res;
   }
   
   /// convert integer from binary of given size
diff --git a/src/openssl-engine.cxx b/src/openssl-engine.cxx
index 13bd029..d5ea2c1 100644
--- a/src/openssl-engine.cxx
+++ b/src/openssl-engine.cxx
@@ -1,6 +1,10 @@
 /*! @file
 
     @id $Id$
+
+    This product includes software developed by the OpenSSL Project
+    for use in the OpenSSL Toolkit (http://www.openssl.org/)
+    
 */
 //       1         2         3         4         5         6         7         8
 // 45678901234567890123456789012345678901234567890123456789012345678901234567890
diff --git a/src/openssl-engine.hxx b/src/openssl-engine.hxx
index 0f1f9fa..1af1410 100644
--- a/src/openssl-engine.hxx
+++ b/src/openssl-engine.hxx
@@ -1,6 +1,10 @@
 /*! @file
 
     @id $Id$
+
+    This product includes software developed by the OpenSSL Project
+    for use in the OpenSSL Toolkit (http://www.openssl.org/)
+    
 */
 //       1         2         3         4         5         6         7         8
 // 45678901234567890123456789012345678901234567890123456789012345678901234567890
diff --git a/src/openssl.hxx b/src/openssl.hxx
index c374720..e45569a 100644
--- a/src/openssl.hxx
+++ b/src/openssl.hxx
@@ -1,6 +1,10 @@
 /*! @file
 
     @id $Id$
+
+    This product includes software developed by the OpenSSL Project
+    for use in the OpenSSL Toolkit (http://www.openssl.org/)
+    
 */
 //       1         2         3         4         5         6         7         8
 // 45678901234567890123456789012345678901234567890123456789012345678901234567890