Annotation of wikisrc/tutorials/howto_bootstrap_the_ePass2003_smartcard.mdwn, revision 1.4

1.3       wiki        1: First you need to install security/ccid and security/opensc and their dependencies.
1.1       wiki        2: 
1.4     ! wiki        3: Once installed, start the pcscd daemon
1.1       wiki        4: 
1.4     ! wiki        5: <code> # /etc/rc.d/pcscd onestart</code>
1.1       wiki        6: 
1.4     ! wiki        7: Verify that OpenSC finds your ePass2003 smartcard
1.1       wiki        8: 
1.4     ! wiki        9: <pre><code>$ opensc-tool -n
1.1       wiki       10: Using reader with a card: Feitian ePass2003 00 00
                     11: epass2003
1.2       wiki       12: </code></pre>
1.1       wiki       13: 
1.4     ! wiki       14: Start by erasing the card
1.1       wiki       15: 
                     16: <code> $ pkcs15-init --erase-card </code>
                     17: 
                     18: Bootstrap the ePass2003
                     19: 
1.4     ! wiki       20: <pre><code>$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "pettai@NetBSD.org"
1.1       wiki       21: Using reader with a card: Feitian ePass2003 00 00
                     22: New User PIN.
                     23: Please enter User PIN:
                     24: Please type again to verify:
                     25: Unblock Code for New User PIN (Optional - press return for no PIN).
                     26: Please enter User unblocking PIN (PUK):
                     27: Please type again to verify:
                     28: </code></pre>
                     29: 
                     30: Generate a new RSA key on the card
                     31: 
1.4     ! wiki       32: <pre><code>$ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label "pettai@NetBSD.org"
1.1       wiki       33: Using reader with a card: Feitian ePass2003 00 00
                     34: User PIN [User PIN] required.
                     35: Please enter User PIN [User PIN]:
                     36: </code></pre>
                     37: 
1.4     ! wiki       38: Check the ID of the generated key 
1.1       wiki       39: 
1.4     ! wiki       40: <pre><code>$ pkcs15-tool --dump
1.1       wiki       41: Using reader with a card: Feitian ePass2003 00 00
                     42: PKCS#15 Card [pettai@NetBSD.org]:
                     43:         Version        : 0
                     44:         Serial number  : 0926531503081201
                     45:         Manufacturer ID: EnterSafe
                     46:         Last update    : 20151002154352Z
                     47:         Flags          : EID compliant
                     48: 
                     49: PIN [User PIN]
                     50:         Object Flags   : [0x3], private, modifiable
                     51:         ID             : 01
                     52:         Flags          : [0x32], local, initialized, needs-padding
                     53:         Length         : min_len:4, max_len:16, stored_len:16
                     54:         Pad char       : 0x00
                     55:         Reference      : 1 (0x01)
                     56:         Type           : ascii-numeric
                     57:         Path           : 3f005015
                     58: 
                     59: Private RSA Key [pettai@NetBSD.org]
                     60:         Object Flags   : [0x3], private, modifiable
                     61:         Usage          : [0x2E], decrypt, sign, signRecover, unwrap
                     62:         Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
                     63:         ModLength      : 2048
                     64:         Key ref        : 0 (0x0)
                     65:         Native         : yes
                     66:         Path           : 3f0050152900
                     67:         Auth ID        : 01
                     68:         ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
                     69:         MD:guid        : {ceefd809-2b85-adf5-c5a6-1205790bc09e}
                     70:           :cmap flags  : 0x0
                     71:           :sign        : 0
                     72:           :key-exchange: 0
                     73: 
                     74: Public RSA Key [pettai@NetBSD.org]
                     75:         Object Flags   : [0x2], modifiable
                     76:         Usage          : [0xD1], encrypt, wrap, verify, verifyRecover
                     77:         Access Flags   : [0x0]
                     78:         ModLength      : 2048
                     79:         Key ref        : 0 (0x0)
                     80:         Native         : no
                     81:         Path           : 3f0050153000
                     82:         ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
                     83: </code></pre>
                     84: 
1.4     ! wiki       85: Export the public key (and copy it to your <code> .ssh/authorized_keys </code> file on your remote host)
1.1       wiki       86: 
1.4     ! wiki       87: <pre><code>$ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec 
1.1       wiki       88: Using reader with a card: Feitian ePass2003 00 00
                     89: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org
                     90: </code></pre>
                     91: 
1.4     ! wiki       92: Now you can use your smartcard's private key when SSHing to your remote host
1.1       wiki       93: 
1.4     ! wiki       94: <pre><code>$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
1.1       wiki       95: Enter PIN for 'pettai@NetBSD.org (User PIN)':
                     96: Last login: Fri Oct  2 15:41:21 2015 from 109.105.104.135
                     97: NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015
                     98: </code></pre>
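
A check worth running after key generation, as an added example that is not part of the original tutorial: it parses `pkcs15-tool --dump` output and confirms that every private key carries the `sensitive`, `neverExtract` and `local` access flags, i.e. that it was generated on the card and cannot be exported. The function name `audit_pkcs15_dump` is hypothetical, and the embedded sample is a constructed excerpt of the dump shown above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# audit_pkcs15_dump (hypothetical helper name): reads `pkcs15-tool --dump`
# output on stdin, prints "OK <id>" for every private key whose Access Flags
# contain sensitive, neverExtract and local, and "WEAK <id> missing: ..."
# otherwise. Returns non-zero on any WEAK key or when no private key is found.
audit_pkcs15_dump() {
    awk '
    function emit(   n, a, i, has, miss) {    # judge the object just parsed
        if (!priv) return
        n = split(flags, a, /, */)
        for (i = 1; i <= n; i++) has[a[i]] = 1
        miss = ""
        if (!("sensitive" in has))    miss = miss " sensitive"
        if (!("neverExtract" in has)) miss = miss " neverExtract"
        if (!("local" in has))        miss = miss " local"
        seen++
        if (miss == "") print "OK " id
        else { print "WEAK " id " missing:" miss; bad = 1 }
    }
    # An unindented line starts a new PKCS#15 object (PIN, key, certificate).
    /^[^ \t]/ { emit(); priv = ($0 ~ /^Private .*Key/); flags = ""; id = ""; next }
    priv {                                    # "Name : value" fields of a private key
        c = index($0, ":"); if (c == 0) next
        name = substr($0, 1, c - 1); val = substr($0, c + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == "Access Flags") flags = val
        else if (name == "ID") id = val       # exact match, so "Auth ID" is ignored
    }
    END { emit(); exit (bad || !seen) }
    '
}

# Constructed sample input: excerpt of the dump shown in the tutorial.
sample_dump() {
    cat <<'EOF'
Using reader with a card: Feitian ePass2003 00 00
PIN [User PIN]
        ID             : 01
Private RSA Key [pettai@NetBSD.org]
        Usage          : [0x2E], decrypt, sign, signRecover, unwrap
        Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
        Auth ID        : 01
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
Public RSA Key [pettai@NetBSD.org]
        Access Flags   : [0x0]
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
EOF
}

# On a real system: pkcs15-tool --dump | audit_pkcs15_dump
sample_dump | audit_pkcs15_dump
```

The ID printed on an `OK` line is the value to pass to `pkcs15-tool --read-ssh-key`.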
