version 1.3, 2015/10/02 21:18:01
|
version 1.4, 2015/10/02 21:28:14
|
Line 1
|
Line 1
|
First you need to Install security/ccid + security/opensc and it's dependencies. |
First you need to Install security/ccid + security/opensc and it's dependencies. |
|
|
Once installed, start the pcscd daemon: |
Once installed, start the pcscd daemon |
|
|
<code> /etc/rc.d/pcscd onestart </code> |
<code> # /etc/rc.d/pcscd onestart</code> |
|
|
Check that OpenSC finds your ePass2003 smartcard |
Verify that OpenSC finds your ePass2003 smartcard |
|
|
<pre><code> $ opensc-tool -n |
<pre><code>$ opensc-tool -n |
Using reader with a card: Feitian ePass2003 00 00 |
Using reader with a card: Feitian ePass2003 00 00 |
epass2003 |
epass2003 |
</code></pre> |
</code></pre> |
|
|
Start by erasing the card: |
Start by erasing the card |
|
|
<code> $ pkcs15-init --erase-card </code> |
<code> $ pkcs15-init --erase-card </code> |
|
|
Bootstrap the ePass2003 |
Bootstrap the ePass2003 |
|
|
<pre><code> $ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label “pettai@NetBSD.org” |
<pre><code>$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label “pettai@NetBSD.org” |
Using reader with a card: Feitian ePass2003 00 00 |
Using reader with a card: Feitian ePass2003 00 00 |
New User PIN. |
New User PIN. |
Please enter User PIN: |
Please enter User PIN: |
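Review bot: the `--label “pettai@NetBSD.org”` argument on the revised `pkcs15-init --create-pkcs15` line still uses typographic quotes, which a shell does not treat as quoting, so a reader who pastes the command gets the quote characters stored as part of the label. Please use ASCII quotes, `--label "pettai@NetBSD.org"`. Two smaller points in the same hunk: "it's dependencies" in the first sentence should read "their dependencies", and `<code> $ pkcs15-init --erase-card </code>` keeps the padding inside the tag that this revision stripped from the pcscd line.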
Line 29 Please type again to verify:
|
Line 29 Please type again to verify:
|
|
|
Generate a new RSA key on the card |
Generate a new RSA key on the card |
|
|
<pre><code> $ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label “pettai@NetBSD.org” |
<pre><code>$ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label “pettai@NetBSD.org” |
Using reader with a card: Feitian ePass2003 00 00 |
Using reader with a card: Feitian ePass2003 00 00 |
User PIN [User PIN] required. |
User PIN [User PIN] required. |
Please enter User PIN [User PIN]: |
Please enter User PIN [User PIN]: |
</code></pre> |
</code></pre> |
|
|
|
Check the ID of the generated key |
|
|
<pre><code> $ pkcs15-tool --dump |
<pre><code>$ pkcs15-tool --dump |
Using reader with a card: Feitian ePass2003 00 00 |
Using reader with a card: Feitian ePass2003 00 00 |
PKCS#15 Card [pettai@NetBSD.org]: |
PKCS#15 Card [pettai@NetBSD.org]: |
Version : 0 |
Version : 0 |
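Review bot: the added sentence "Check the ID of the generated key" does not say which field of the `pkcs15-tool --dump` output the reader should look at. Suggest wording it as checking the ID listed under "Public RSA Key", since that is the value passed to `pkcs15-tool --read-ssh-key` in the following step. The `--generate-key` line in this hunk also keeps typographic quotes around the label and needs ASCII quotes to be pasteable.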
Line 81 Public RSA Key [pettai@NetBSD.org]
|
Line 82 Public RSA Key [pettai@NetBSD.org]
|
ID : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec |
ID : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec |
</code></pre> |
</code></pre> |
|
|
Export the public key (and put it in your <code> .ssh/authorized_keys </code> file on your remote host): |
Export the public key (and copy it to your <code> .ssh/authorized_keys </code> file on your remote host) |
|
|
<pre><code> $ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec |
<pre><code>$ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec |
Using reader with a card: Feitian ePass2003 00 00 |
Using reader with a card: Feitian ePass2003 00 00 |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org |
</code></pre> |
</code></pre> |
|
|
Use your smartcard private key then ssh:ing: |
Now you can use your smartcard's private key then ssh:ing to your remote host |
|
|
<pre><code> |
<pre><code>$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost |
$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost |
|
Enter PIN for 'pettai@NetBSD.org (User PIN)': |
Enter PIN for 'pettai@NetBSD.org (User PIN)': |
Last login: Fri Oct 2 15:41:21 2015 from 109.105.104.135 |
Last login: Fri Oct 2 15:41:21 2015 from 109.105.104.135 |
NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015 |
NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015 |
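Review bot: in the rewritten sentence "Now you can use your smartcard's private key then ssh:ing to your remote host", "then" carries over the typo from 1.3 and should be "when". The sentence also says "remote host" while the example logs in to `pettai@localhost`, so one of the two should be adjusted to match. The sample output's "Last login" line shows what looks like a routable source address; consider replacing it with a documentation address such as 192.0.2.1.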