Annotation of wikisrc/tutorials/howto_bootstrap_the_ePass2003_smartcard.mdwn, revision 1.6
First you need to install security/ccid and security/opensc from pkgsrc.

Once installed, start the pcscd daemon

<code># /etc/rc.d/pcscd onestart</code>

Verify that OpenSC finds your ePass2003 smartcard

<pre><code>$ opensc-tool -n
Using reader with a card: Feitian ePass2003 00 00
epass2003
</code></pre>

Start by erasing the card

<code>$ pkcs15-init --erase-card</code>

Bootstrap the ePass2003

<pre><code>$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "pettai@NetBSD.org"
Using reader with a card: Feitian ePass2003 00 00
New User PIN.
Please enter User PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
</code></pre>

Generate a new RSA key on the card

<pre><code>$ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label "pettai@NetBSD.org"
Using reader with a card: Feitian ePass2003 00 00
User PIN [User PIN] required.
Please enter User PIN [User PIN]:
</code></pre>

Check the ID of the generated key

<pre><code>$ pkcs15-tool --dump
Using reader with a card: Feitian ePass2003 00 00
PKCS#15 Card [pettai@NetBSD.org]:
Version : 0
Serial number : 0926531503081201
Manufacturer ID: EnterSafe
Last update : 20151002154352Z
Flags : EID compliant

PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1 (0x01)
Type : ascii-numeric
Path : 3f005015

Private RSA Key [pettai@NetBSD.org]
Object Flags : [0x3], private, modifiable
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 2048
Key ref : 0 (0x0)
Native : yes
Path : 3f0050152900
Auth ID : 01
ID : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
MD:guid : {ceefd809-2b85-adf5-c5a6-1205790bc09e}
:cmap flags : 0x0
:sign : 0
:key-exchange: 0

Public RSA Key [pettai@NetBSD.org]
Object Flags : [0x2], modifiable
Usage : [0xD1], encrypt, wrap, verify, verifyRecover
Access Flags : [0x0]
ModLength : 2048
Key ref : 0 (0x0)
Native : no
Path : 3f0050153000
ID : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
</code></pre>
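
As an added example (not part of the original page), the following POSIX shell script parses <code>pkcs15-tool --dump</code> output like the dump above, picks out the private key ID for a given label so it need not be copied by hand, and only proposes the export when that key carries the sensitive and neverExtract access flags; the embedded dump is a constructed excerpt modelled on the output above, and the function names are my own.

```shell
# Added example, not from the wiki page: locate the private key's ID in
# `pkcs15-tool --dump` output and confirm it is flagged sensitive/neverExtract.
# SAMPLE_DUMP is a constructed excerpt modelled on the page's dump output.
SAMPLE_DUMP='PKCS#15 Card [pettai@NetBSD.org]:
    Version        : 0

PIN [User PIN]
    ID             : 01

Private RSA Key [pettai@NetBSD.org]
    Object Flags   : [0x3], private, modifiable
    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
    ModLength      : 2048
    Auth ID        : 01
    ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec

Public RSA Key [pettai@NetBSD.org]
    Access Flags   : [0x0]
    ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
'

# Shared awk prologue: insec is 1 while inside "Private RSA Key [LABEL]";
# any other unindented object header or a blank line ends that section.
AWK_SECTION='
    /^Private RSA Key \[/ { insec = (index($0, "[" label "]") > 0); next }
    /^[^ \t]/ || /^[ \t]*$/ { insec = 0 }
'

# private_key_id DUMP LABEL -> prints the ID of that private key (empty if none)
private_key_id() {
    printf '%s\n' "$1" | awk -v label="$2" "$AWK_SECTION"'
    insec && /^[ \t]*ID[ \t]*:/ { print $NF; exit }'
}

# private_key_is_non_extractable DUMP LABEL -> exit status 0 only when the
# key's Access Flags list both "sensitive" and "neverExtract"
private_key_is_non_extractable() {
    printf '%s\n' "$1" | awk -v label="$2" "$AWK_SECTION"'
    insec && /^[ \t]*Access Flags/ && /sensitive/ && /neverExtract/ { ok = 1 }
    END { exit (ok ? 0 : 1) }'
}

# Usage: print the export command for the label used above, or complain.
LABEL='pettai@NetBSD.org'
if KEY_ID=$(private_key_id "$SAMPLE_DUMP" "$LABEL") && [ -n "$KEY_ID" ] \
   && private_key_is_non_extractable "$SAMPLE_DUMP" "$LABEL"; then
    echo "pkcs15-tool --read-ssh-key $KEY_ID"   # run this against the real card
else
    echo "no non-extractable private key labelled $LABEL found" >&2
fi
```

Feed it the real output with <code>pkcs15-tool --dump</code> in place of the constructed dump to get the ID for the export step below.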

Export the public key (and copy it to your <code>.ssh/authorized_keys</code> file on your remote host)

<pre><code>$ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
Using reader with a card: Feitian ePass2003 00 00
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org
</code></pre>

Now you can use your smartcard's private key when ssh'ing to your remote host

<pre><code>$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
Enter PIN for 'pettai@NetBSD.org (User PIN)':
Last login: Fri Oct 2 15:41:21 2015 from 109.105.104.135
NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015
</code></pre>