First you need to install devel/ccid and security/opensc and their dependencies.

Once installed, start the pcscd daemon:

<code>/etc/rc.d/pcscd onestart</code>

Check that OpenSC finds your ePass2003 smartcard:

<pre><code>$ opensc-tool -n
Using reader with a card: Feitian ePass2003 00 00
epass2003
</code></pre>

Start by erasing the card:

<code>$ pkcs15-init --erase-card</code>

Bootstrap the ePass2003:

<pre><code>$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "pettai@NetBSD.org"
Using reader with a card: Feitian ePass2003 00 00
New User PIN.
Please enter User PIN:
Please type again to verify:
Unblock Code for New User PIN (Optional - press return for no PIN).
Please enter User unblocking PIN (PUK):
Please type again to verify:
</code></pre>

Generate a new RSA key on the card:

<pre><code>$ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label "pettai@NetBSD.org"
Using reader with a card: Feitian ePass2003 00 00
User PIN [User PIN] required.
Please enter User PIN [User PIN]:
</code></pre>

<pre><code>$ pkcs15-tool --dump
Using reader with a card: Feitian ePass2003 00 00
PKCS#15 Card [pettai@NetBSD.org]:
Version : 0
Serial number : 0926531503081201
Manufacturer ID: EnterSafe
Last update : 20151002154352Z
Flags : EID compliant

PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1 (0x01)
Type : ascii-numeric
Path : 3f005015

Private RSA Key [pettai@NetBSD.org]
Object Flags : [0x3], private, modifiable
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 2048
Key ref : 0 (0x0)
Native : yes
Path : 3f0050152900
Auth ID : 01
ID : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
MD:guid : {ceefd809-2b85-adf5-c5a6-1205790bc09e}
:cmap flags : 0x0
:sign : 0
:key-exchange: 0

Public RSA Key [pettai@NetBSD.org]
Object Flags : [0x2], modifiable
Usage : [0xD1], encrypt, wrap, verify, verifyRecover
Access Flags : [0x0]
ModLength : 2048
Key ref : 0 (0x0)
Native : no
Path : 3f0050153000
ID : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
</code></pre>
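
In the dump above, the private key's Access Flags (sensitive, neverExtract, local) are what show that the key was generated on the token and cannot be read back out. The following added example, which is not part of the original page or of OpenSC, is a shell function that checks those flags, the modulus length and the PIN binding for every private key in `pkcs15-tool --dump` output. The function name, the policy labels and the second sample key are assumptions made for illustration.

```shell
# Added example: policy check over `pkcs15-tool --dump` output on stdin.
# Real card: pkcs15-tool --dump | check_pkcs15_dump 2048
# Prints OK/FAIL per private key; exit status 1 if any key fails.
check_pkcs15_dump() {
    awk -v min_bits="${1:-2048}" '
        # Text after the first colon, without trailing whitespace.
        function value(line) { sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line); return line }
        # True if flag is one of the comma-separated entries in list.
        function has(list, flag) { return index(", " list ",", ", " flag ",") > 0 }
        function report(   bad, status) {
            if (!in_key) return
            if (!has(access, "sensitive"))    bad = bad " missing:sensitive"
            if (!has(access, "neverExtract")) bad = bad " missing:neverExtract"
            if (!has(access, "local"))        bad = bad " missing:local"
            if (bits + 0 < min_bits + 0)      bad = bad " modulus<" min_bits
            if (auth == "")                   bad = bad " no-auth-id"
            status = (bad == "") ? "OK" : "FAIL"
            print status " " label bad
            if (bad != "") failed = 1
            in_key = 0
        }
        /^[ \t]*Private [A-Za-z]+ Key \[/ {
            report(); in_key = 1; access = ""; bits = 0; auth = ""
            match($0, /\[.*\]/); label = substr($0, RSTART + 1, RLENGTH - 2)
            next
        }
        /^[ \t]*$/ { report(); next }          # blank line ends an object
        in_key && /^[ \t]*Access Flags[ \t]*:/ { access = value($0) }
        in_key && /^[ \t]*ModLength[ \t]*:/    { bits = value($0) }
        in_key && /^[ \t]*Auth ID[ \t]*:/      { auth = value($0) }
        END { report(); exit failed + 0 }
    '
}

# Constructed sample: first key copied from the dump above, second invented.
sample_dump() { cat <<'EOF'
Private RSA Key [pettai@NetBSD.org]
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 2048
Auth ID : 01

Private RSA Key [imported-example]
Access Flags : [0x1], sensitive
ModLength : 1024
Auth ID : 01
EOF
}

sample_dump | check_pkcs15_dump || echo "at least one key fails the policy"
```

A key that was imported into the token rather than generated on it lacks the `local` flag, so a copy of it may exist outside the card.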

Export the public key (and put it in your <code>.ssh/authorized_keys</code> file on your remote host):

<pre><code>$ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
Using reader with a card: Feitian ePass2003 00 00
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org
</code></pre>

Use the private key on your smartcard when logging in with ssh:

<pre><code>
$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
Enter PIN for 'pettai@NetBSD.org (User PIN)':
Last login: Fri Oct 2 15:41:21 2015 from 109.105.104.135
NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015
</code></pre>