Diff for /wikisrc/tutorials/howto_bootstrap_the_ePass2003_smartcard.mdwn between versions 1.3 and 1.4

version 1.3, 2015/10/02 21:18:01 version 1.4, 2015/10/02 21:28:14
Line 1 Line 1
 First you need to Install security/ccid + security/opensc and it's dependencies.  First you need to Install security/ccid + security/opensc and it's dependencies.
   
 Once installed, start the pcscd daemon:  Once installed, start the pcscd daemon
   
 <code> /etc/rc.d/pcscd onestart </code>  <code> # /etc/rc.d/pcscd onestart</code>
   
 Check that OpenSC finds your ePass2003 smartcard  Verify that OpenSC finds your ePass2003 smartcard
   
 <pre><code> $ opensc-tool -n  <pre><code>$ opensc-tool -n
 Using reader with a card: Feitian ePass2003 00 00  Using reader with a card: Feitian ePass2003 00 00
 epass2003  epass2003
 </code></pre>  </code></pre>
   
 Start by erasing the card:  Start by erasing the card
   
 <code> $ pkcs15-init --erase-card </code>  <code> $ pkcs15-init --erase-card </code>
   
 Bootstrap the ePass2003  Bootstrap the ePass2003
   
 <pre><code> $ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label “pettai@NetBSD.org  <pre><code>$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label “pettai@NetBSD.org
 Using reader with a card: Feitian ePass2003 00 00  Using reader with a card: Feitian ePass2003 00 00
 New User PIN.  New User PIN.
 Please enter User PIN:  Please enter User PIN:
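
Review bot: The `--label “pettai@NetBSD.org` argument on the `pkcs15-init --create-pkcs15` line opens with a typographic quote (“) in both versions, and this revision leaves it untouched. A shell does not treat that character as a quote, so a reader who copies the command gets it as part of the label; use plain ASCII double quotes around the label. While the paragraph is being edited, "it's dependencies" in the first line should read "its dependencies", and "Start by erasing the card" would benefit from one sentence saying that `--erase-card` removes whatever is already on the token.
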
Line 29  Please type again to verify: Line 29  Please type again to verify:
   
 Generate a new RSA key on the card  Generate a new RSA key on the card
   
 <pre><code> $ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label “pettai@NetBSD.org  <pre><code>$ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label “pettai@NetBSD.org
 Using reader with a card: Feitian ePass2003 00 00  Using reader with a card: Feitian ePass2003 00 00
 User PIN [User PIN] required.  User PIN [User PIN] required.
 Please enter User PIN [User PIN]:  Please enter User PIN [User PIN]:
 </code></pre>  </code></pre>
   
   Check the ID of the generated key 
   
 <pre><code> $ pkcs15-tool --dump  <pre><code>$ pkcs15-tool --dump
 Using reader with a card: Feitian ePass2003 00 00  Using reader with a card: Feitian ePass2003 00 00
 PKCS#15 Card [pettai@NetBSD.org]:  PKCS#15 Card [pettai@NetBSD.org]:
         Version        : 0          Version        : 0
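
Review bot: The `--generate-key rsa/2048 --key-usage sign,decrypt` line grants the key decrypt usage, although the only use this howto goes on to show is SSH login, which needs the key to sign only. Either reduce it to `--key-usage sign` or add a sentence saying why decryption is wanted. The `--label` on the same line has the same typographic opening quote as the `--create-pkcs15` command and should use ASCII quotes. The added "Check the ID of the generated key" line could also name the field to read, the `ID` shown under the key entry in the `pkcs15-tool --dump` output.
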
Line 81  Public RSA Key [pettai@NetBSD.org] Line 82  Public RSA Key [pettai@NetBSD.org]
         ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec          ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
 </code></pre>  </code></pre>
   
 Export the public key (and put it in your <code> .ssh/authorized_keys </code> file on your remote host):  Export the public key (and copy it to your <code> .ssh/authorized_keys </code> file on your remote host)
   
 <pre><code> $ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec   <pre><code>$ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec 
 Using reader with a card: Feitian ePass2003 00 00  Using reader with a card: Feitian ePass2003 00 00
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org
 </code></pre>  </code></pre>
   
 Use your smartcard private key then ssh:ing:  Now you can use your smartcard's private key then ssh:ing to your remote host
   
 <pre><code>  <pre><code>$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
 $ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost  
 Enter PIN for 'pettai@NetBSD.org (User PIN)':  Enter PIN for 'pettai@NetBSD.org (User PIN)':
 Last login: Fri Oct  2 15:41:21 2015 from 109.105.104.135  Last login: Fri Oct  2 15:41:21 2015 from 109.105.104.135
 NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015  NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015
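
Review bot: The rewritten sentence before the `ssh -I` example still reads "then ssh:ing"; it should be "when", for example "Now you can use your smartcard's private key when connecting to your remote host with ssh". The sentence says "remote host" while the command connects to `pettai@localhost`, so one of the two should change. The `--read-ssh-key 45d70cc6...` command should tell readers to substitute the ID from their own dump, and the pasted "Last login ... from 109.105.104.135" line would be better with a documentation address in place of a real one.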
