File: [NetBSD Developer Wiki] / wikisrc / tutorials / howto_bootstrap_the_ePass2003_smartcard.mdwn
Revision 1.1: Fri Oct 2 21:14:46 2015 UTC, committed by wiki (web commit by pettai)
Branches: MAIN
CVS tags: HEAD

First install devel/ccid and security/opensc (and their dependencies) from pkgsrc.

Once installed, start the pcscd daemon (as root):

<code> /etc/rc.d/pcscd onestart </code>

Check that OpenSC finds your ePass2003 smartcard:
    8: 
<pre><code> $ opensc-tool -n
Using reader with a card: Feitian ePass2003 00 00
epass2003
</code></pre>
   13: 
Start by erasing the card. This removes every PKCS#15 object on it, including any existing keys and certificates, so make sure nothing on the card is still needed:

<code> $ pkcs15-init --erase-card </code>
   17: 
Bootstrap the ePass2003 by creating the PKCS#15 structure. The pkcs15+onepin profile sets up a single User PIN (no separate Security Officer PIN). The PUK is optional, but without one a User PIN blocked by too many wrong attempts cannot be unblocked, and the card has to be erased and bootstrapped again:

<pre><code> $ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "pettai@NetBSD.org"
Using reader with a card: Feitian ePass2003 00 00
New User PIN.
Please enter User PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
</code></pre>
   29: 
Generate a new RSA key on the card. The key is usable for signing and decryption, and <code>--auth-id 01</code> binds it to the User PIN created above (PIN ID 01), so every private-key operation requires that PIN:

<pre><code> $ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label "pettai@NetBSD.org"
Using reader with a card: Feitian ePass2003 00 00
User PIN [User PIN] required.
Please enter User PIN [User PIN]:
</code></pre>
   37: 
Dump the card to confirm what was created:

<pre><code> $ pkcs15-tool --dump
Using reader with a card: Feitian ePass2003 00 00
PKCS#15 Card [pettai@NetBSD.org]:
        Version        : 0
        Serial number  : 0926531503081201
        Manufacturer ID: EnterSafe
        Last update    : 20151002154352Z
        Flags          : EID compliant

PIN [User PIN]
        Object Flags   : [0x3], private, modifiable
        ID             : 01
        Flags          : [0x32], local, initialized, needs-padding
        Length         : min_len:4, max_len:16, stored_len:16
        Pad char       : 0x00
        Reference      : 1 (0x01)
        Type           : ascii-numeric
        Path           : 3f005015

Private RSA Key [pettai@NetBSD.org]
        Object Flags   : [0x3], private, modifiable
        Usage          : [0x2E], decrypt, sign, signRecover, unwrap
        Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength      : 2048
        Key ref        : 0 (0x0)
        Native         : yes
        Path           : 3f0050152900
        Auth ID        : 01
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
        MD:guid        : {ceefd809-2b85-adf5-c5a6-1205790bc09e}
          :cmap flags  : 0x0
          :sign        : 0
          :key-exchange: 0

Public RSA Key [pettai@NetBSD.org]
        Object Flags   : [0x2], modifiable
        Usage          : [0xD1], encrypt, wrap, verify, verifyRecover
        Access Flags   : [0x0]
        ModLength      : 2048
        Key ref        : 0 (0x0)
        Native         : no
        Path           : 3f0050153000
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
</code></pre>

Two things worth checking in this output: the private key's access flags <code>sensitive, alwaysSensitive, neverExtract</code> confirm that the private key cannot be read out of the card, and its <code>Auth ID: 01</code> matches the User PIN. The <code>ID</code> shown for the key is the argument the export step takes.
   83: 
Export the public key in OpenSSH format (the argument is the key ID from the dump) and put it in the <code> .ssh/authorized_keys </code> file on your remote host:

<pre><code> $ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
Using reader with a card: Feitian ePass2003 00 00
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org
</code></pre>
   90: 
Use the smartcard private key when logging in with ssh by pointing ssh at the OpenSC PKCS#11 provider; ssh prompts for the User PIN before the card signs the authentication challenge:

<pre><code>
$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
Enter PIN for 'pettai@NetBSD.org (User PIN)':
Last login: Fri Oct  2 15:41:21 2015 from 109.105.104.135
NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015
</code></pre>
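The steps above, wrapped into one script so the erase/init/keygen sequence and the key export can be repeated without retyping and without guessing the key ID. This is an added example, not code from the wiki page or from OpenSC. It assumes the label and PKCS#11 provider path used on this page (both overridable through the environment), that pcscd is running, and that the `pkcs15-tool --dump` layout matches the dump shown above. The `SAMPLE_DUMP` text is a constructed, abridged copy of that dump, included only so the ID parser can be exercised without a card.

```sh
#!/bin/sh
# epass2003-bootstrap.sh: the wiki procedure as a script (added example; not
# part of the NetBSD wiki page or of OpenSC). Assumes devel/ccid and
# security/opensc are installed and pcscd is running.
# Usage: epass2003-bootstrap.sh check | init | sshkey | agent
set -eu

LABEL=${LABEL:-pettai@NetBSD.org}                 # label used on the page
PKCS11=${PKCS11:-/usr/pkg/lib/opensc-pkcs11.so}   # provider path from the page

# Does opensc-tool see an ePass2003 in some reader?
card_present() {
    opensc-tool -n 2>/dev/null | grep -qi epass2003
}

require_card() {
    card_present || { echo "no ePass2003 found (is pcscd running?)" >&2; exit 1; }
}

# Read "pkcs15-tool --dump" output on stdin and print the ID of the private
# RSA key labelled $1. Only the "Private RSA Key [...]" block is consulted, so
# the public key object (same ID) and the "Auth ID" line are never mistaken
# for it. Exit status 1 if no such key exists.
key_id_from_dump() {
    awk -v label="$1" '
        index($0, "Private RSA Key [" label "]") == 1 { inblk = 1; next }
        inblk && /^[^[:space:]]/ { inblk = 0 }        # next object header
        inblk && $1 == "ID" && $2 == ":" { print $3; found = 1; exit }
        END { if (found) exit 0; exit 1 }
    '
}

# Erase and re-initialise the card: one User PIN (onepin profile), then a
# 2048-bit RSA key bound to that PIN (auth-id 01). Destructive, so confirm.
bootstrap() {
    printf 'This ERASES every object on the card. Type YES to continue: '
    read -r answer
    [ "$answer" = YES ] || { echo "aborted" >&2; return 1; }
    pkcs15-init --erase-card
    pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "$LABEL"
    pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt \
        --auth-id 01 --label "$LABEL"
}

# Print the OpenSSH public key line for the key labelled $LABEL, looking the
# key ID up in the dump instead of hard-coding it.
export_ssh_key() {
    id=$(pkcs15-tool --dump 2>/dev/null | key_id_from_dump "$LABEL") ||
        { echo "no private key labelled $LABEL on the card" >&2; return 1; }
    pkcs15-tool --read-ssh-key "$id"
}

# Constructed sample: an abridged copy of the dump shown on the page, used to
# exercise key_id_from_dump without a card.
SAMPLE_DUMP=$(cat <<'EOF'
PKCS#15 Card [pettai@NetBSD.org]:
        Version        : 0
        Manufacturer ID: EnterSafe

PIN [User PIN]
        ID             : 01
        Reference      : 1 (0x01)

Private RSA Key [pettai@NetBSD.org]
        Object Flags   : [0x3], private, modifiable
        Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
        Key ref        : 0 (0x0)
        Auth ID        : 01
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec

Public RSA Key [pettai@NetBSD.org]
        Object Flags   : [0x2], modifiable
        ID             : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
EOF
)

case "${1:-}" in
    check)  require_card; echo "ePass2003 present" ;;
    init)   require_card; bootstrap ;;
    sshkey) require_card; export_ssh_key ;;
    agent)  require_card; ssh-add -s "$PKCS11" ;;  # load the card key into ssh-agent
    *)      : ;;   # no subcommand: only define the functions (e.g. when sourced)
esac
```

`sshkey` prints the line to append to `authorized_keys`; `agent` uses `ssh-add -s` to register the provider with a running ssh-agent, after which plain `ssh user@host` works without the `-I` option (the PIN is asked once, when the provider is added).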
