
eID things


By chri - Posted on 26 June 2008

Some output from some commands:

Which slots are there?

$ ./pkcs11-tool --list-slots
Available slots:
Slot 0           CCID Smart Card Reader 0 0
 token label:   BELPIC (Basic PIN)
 token manuf:   (unknown)
 token model:   PKCS #15 SCard
 token flags:   rng, login required, PIN initialized, token initialized
 serial num  :  6CFF2491AB111E14
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
Slot 4           (empty)
Slot 5           (empty)
Slot 6           (empty)
Slot 7           (empty)

So there are still 7 free slots here that we can use for all sorts of
things. Some people use them for SSL certificates, others for their
private PGP/GPG keys.

What the card can do:

$ ./pkcs11-tool --list-mechanisms
Supported mechanisms:
 SHA-1, digest
 SHA256, digest
 SHA384, digest
 SHA512, digest
 MD5, digest
 RIPEMD160, digest
 RSA-PKCS, sign, verify, unwrap, decrypt
 SHA1-RSA-PKCS, sign, verify
 MD5-RSA-PKCS, sign, verify
 RIPEMD160-RSA-PKCS, sign, verify
 RSA-PKCS-KEY-PAIR-GEN, keypairgen

The objects on the card (i.e. the certificates):

$ ./pkcs11-tool --login --list-objects
Please enter User PIN:
Private Key Object; RSA
 label:      Authentication
 ID:         02
 Usage:      sign
.... and so on.

Which certs are on it:

$ ./pkcs15-tool --list-certificates
X.509 Certificate [Authentication]
       Flags    : 3
       Authority: no
       Path     : 3f00df005038
       ID       : 02

X.509 Certificate [Signature]
       Flags    : 3
       Authority: no
       Path     : 3f00df005039
       ID       : 03

X.509 Certificate [CA]
       Flags    : 3
       Authority: yes
       Path     : 3f00df00503a
       ID       : 04

X.509 Certificate [Root]
       Flags    : 3
       Authority: yes
       Path     : 3f00df00503b
       ID       : 06

And of course, explicitly, the details of the private keys. We can see
that the private keys are not extractable:

$ ./pkcs15-tool --list-keys
Private RSA Key [Authentication]
       Com. Flags  : 3
       Usage       : [0x4], sign
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
       ModLength   : 1024
       Key ref     : 130
       Native      : yes
       Path        : 3f00df00
       Auth ID     : 01
       ID          : 02

Private RSA Key [Signature]
       Com. Flags  : 3
       Usage       : [0x200], nonRepudiation
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
       ModLength   : 1024
       Key ref     : 131
       Native      : yes
       Path        : 3f00df00
       Auth ID     : 01
       ID          : 03
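
The "not extractable" observation can be checked from the [0x1D] bitmask itself instead of the printed names. The following is an added example, not part of the original post: it parses `pkcs15-tool --list-keys` output and decodes Access Flags with the PKCS#15 bit values as OpenSC defines them. The function names are my own, and the sample is trimmed from the output above.

```python
import re

# PKCS#15 KeyAccessFlags bits, with the short names pkcs15-tool prints.
ACCESS_FLAGS = {0x01: "sensitive", 0x02: "extract", 0x04: "alwaysSensitive",
                0x08: "neverExtract", 0x10: "local"}

# Trimmed copy of the --list-keys output above, including the wrapped line.
SAMPLE = """\
Private RSA Key [Authentication]
       Usage       : [0x4], sign
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract,
local
       ModLength   : 1024
       ID          : 02

Private RSA Key [Signature]
       Usage       : [0x200], nonRepudiation
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract,
local
       ModLength   : 1024
       ID          : 03
"""

def decode_access(mask):
    """Return the flag names set in a KeyAccessFlags bitmask, lowest bit first."""
    return [name for bit, name in ACCESS_FLAGS.items() if mask & bit]

def audit_keys(text):
    """Map each key label to (flag names, True if the key is bound to the card)."""
    report, label = {}, None
    for line in text.splitlines():
        m = re.match(r"Private \w+ Key \[(.+)\]", line)
        if m:
            label = m.group(1)
            continue
        # Use the hex mask, not the name list, so line wrapping cannot hide a flag.
        m = re.match(r"\s*Access Flags\s*:\s*\[0x([0-9A-Fa-f]+)\]", line)
        if m and label:
            flags = decode_access(int(m.group(1), 16))
            bound = ("sensitive" in flags and "neverExtract" in flags
                     and "extract" not in flags)
            report[label] = (flags, bound)
    return report

if __name__ == "__main__":
    for label, (flags, bound) in audit_keys(SAMPLE).items():
        verdict = "non-extractable" if bound else "REVIEW"
        print(f"{label}: {', '.join(flags)} -> {verdict}")
```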