Annotation of wikisrc/tutorials/howto_bootstrap_the_ePass2003_smartcard.mdwn, revision 1.2

1.1       wiki        1: First, install devel/ccid and security/opensc and their dependencies.
                      2: 
                      3: Once installed, start the pcscd daemon:
                      4: 
                      5: <code> /etc/rc.d/pcscd onestart </code>
                      6: 
                      7: Check that OpenSC finds your ePass2003 smartcard:
                      8: 
                      9: <pre><code> $ opensc-tool -n
                     10: Using reader with a card: Feitian ePass2003 00 00
                     11: epass2003
1.2     ! wiki       12: </code></pre>
1.1       wiki       13: 
                     14: Start by erasing the card:
                     15: 
                     16: <code> $ pkcs15-init --erase-card </code>
                     17: 
                     18: Bootstrap the ePass2003:
                     19: 
                     20: <pre><code> $ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "pettai@NetBSD.org"
                     21: Using reader with a card: Feitian ePass2003 00 00
                     22: New User PIN.
                     23: Please enter User PIN:
                     24: Please type again to verify:
                     25: Unblock Code for New User PIN (Optional - press return for no PIN).
                     26: Please enter User unblocking PIN (PUK):
                     27: Please type again to verify:
                     28: </code></pre>
                     29: 
                     30: Generate a new RSA key on the card:
                     31: 
                     32: <pre><code> $ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label "pettai@NetBSD.org"
                     33: Using reader with a card: Feitian ePass2003 00 00
                     34: User PIN [User PIN] required.
                     35: Please enter User PIN [User PIN]:
                     36: </code></pre>
                     37: 
                     38: Dump the card contents to confirm that the key was created and to find its ID:
                     39: <pre><code> $ pkcs15-tool --dump
                     40: Using reader with a card: Feitian ePass2003 00 00
                     41: PKCS#15 Card [pettai@NetBSD.org]:
                     42:         Version        : 0
                     43:         Serial number  : 0926531503081201
                     44:         Manufacturer ID: EnterSafe
                     45:         Last update    : 20151002154352Z
                     46:         Flags          : EID compliant
                     47: 
                     48: PIN [User PIN]
                     49:         Object Flags   : [0x3], private, modifiable
                     50:         ID             : 01
                     51:         Flags          : [0x32], local, initialized, needs-padding
                     52:         Length         : min_len:4, max_len:16, stored_len:16
                     53:         Pad char       : 0x00
                     54:         Reference      : 1 (0x01)
                     55:         Type           : ascii-numeric
                     56:         Path           : 3f005015
                     57: 
                     58: Private RSA Key [pettai@NetBSD.org]
                     59:         Object Flags   : [0x3], private, modifiable
                     60:         Usage          : [0x2E], decrypt, sign, signRecover, unwrap
                     61:         Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
                     62:         ModLength      : 2048
                     63:         Key ref        : 0 (0x0)
                     64:         Native         : yes
                     65:         Path           : 3f0050152900
                     66:         Auth ID        : 01
                     67:         ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
                     68:         MD:guid        : {ceefd809-2b85-adf5-c5a6-1205790bc09e}
                     69:           :cmap flags  : 0x0
                     70:           :sign        : 0
                     71:           :key-exchange: 0
                     72: 
                     73: Public RSA Key [pettai@NetBSD.org]
                     74:         Object Flags   : [0x2], modifiable
                     75:         Usage          : [0xD1], encrypt, wrap, verify, verifyRecover
                     76:         Access Flags   : [0x0]
                     77:         ModLength      : 2048
                     78:         Key ref        : 0 (0x0)
                     79:         Native         : no
                     80:         Path           : 3f0050153000
                     81:         ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
                     82: </code></pre>
                     83: 
                     84: Export the public key (and put it in your <code> .ssh/authorized_keys </code> file on your remote host):
                     85: 
                     86: <pre><code> $ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec 
                     87: Using reader with a card: Feitian ePass2003 00 00
                     88: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org
                     89: </code></pre>
                     90: 
                     91: Use your smartcard private key when ssh:ing:
                     92: 
                     93: <pre><code>
                     94: $ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
                     95: Enter PIN for 'pettai@NetBSD.org (User PIN)':
                     96: Last login: Fri Oct  2 15:41:21 2015 from 109.105.104.135
                     97: NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015
                     98: </code></pre>
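
A scripted check of the dump step, as an added example (not part of the original tutorial or of OpenSC): it reads `pkcs15-tool --dump` output, confirms that the private key is marked `neverExtract` and `local`, is bound to a PIN and can sign, then prints the ID to pass to `--read-ssh-key`. The function names `sample_dump` and `check_private_key` are made up for this example, and the sample input is an abridged copy of the dump shown above.

```shell
#!/bin/sh
# Constructed sample: abridged `pkcs15-tool --dump` output in the layout shown above.
sample_dump() {
cat <<'EOF'
PKCS#15 Card [pettai@NetBSD.org]:

Private RSA Key [pettai@NetBSD.org]
        Usage          : [0x2E], decrypt, sign, signRecover, unwrap
        Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength      : 2048
        Auth ID        : 01
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec

Public RSA Key [pettai@NetBSD.org]
        Access Flags   : [0x0]
        ModLength      : 2048
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
EOF
}

# check_private_key LABEL MINBITS < dump   (hypothetical helper)
# Prints the key ID and returns 0 only if the labelled private key was generated
# on the card, cannot be extracted, is bound to a PIN, can sign and is long enough.
check_private_key() {
    awk -v label="$1" -v minbits="$2" '
    function has(list, flag,   n, i, a) {   # exact match inside "a, b, c"
        n = split(list, a, /, */)
        for (i = 1; i <= n; i++) if (a[i] == flag) return 1
        return 0
    }
    /^[^ \t]/ { insec = ($0 == "Private RSA Key [" label "]"); if (insec) seen = 1; next }
    insec && (i = index($0, ": ")) {        # "  Name   : value" inside our section
        key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
        f[key] = substr($0, i + 2)
    }
    END {
        if (!seen) why = "no such private key"
        else if (!has(f["Access Flags"], "neverExtract")) why = "key is extractable"
        else if (!has(f["Access Flags"], "local")) why = "key was not generated on the card"
        else if (f["Auth ID"] == "") why = "key is not protected by a PIN"
        else if (!has(f["Usage"], "sign")) why = "key cannot sign"
        else if (f["ModLength"] + 0 < minbits) why = "modulus shorter than " minbits
        if (why != "") { print "FAIL: " why > "/dev/stderr"; exit 1 }
        print f["ID"]
    }'
}

# Stand-alone run on the constructed sample; on a real card: pkcs15-tool --dump | check_private_key ...
sample_dump | check_private_key "pettai@NetBSD.org" 2048
```
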
