
eID things

By chri - Posted on 26 June 2008

Some output from some commands:

Which slots are there?

$ ./pkcs11-tool --list-slots
Available slots:
Slot 0           CCID Smart Card Reader 0 0
 token label:   BELPIC (Basic PIN)
 token manuf:   (unknown)
 token model:   PKCS #15 SCard
 token flags:   rng, login required, PIN initialized, token initialized
 serial num  :  6CFF2491AB111E14
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
Slot 4           (empty)
Slot 5           (empty)
Slot 6           (empty)
Slot 7           (empty)

So there are still 7 free slots here that we can use for anything and
everything. Some people use them for SSL certificates, others for their
private PGP/GPG keys.

What the card can do:

$ ./pkcs11-tool --list-mechanisms
Supported mechanisms:
 SHA-1, digest
 SHA256, digest
 SHA384, digest
 SHA512, digest
 MD5, digest
 RIPEMD160, digest
 RSA-PKCS, sign, verify, unwrap, decrypt
 SHA1-RSA-PKCS, sign, verify
 MD5-RSA-PKCS, sign, verify
 RIPEMD160-RSA-PKCS, sign, verify
 RSA-PKCS-KEY-PAIR-GEN, keypairgen

The objects on the card (so, certificates):

$ ./pkcs11-tool --login --list-objects
Please enter User PIN:
Private Key Object; RSA
 label:      Authentication
 ID:         02
 Usage:      sign
.... and so on.

Which certs are on it:

$ ./pkcs15-tool --list-certificates
X.509 Certificate [Authentication]
       Flags    : 3
       Authority: no
       Path     : 3f00df005038
       ID       : 02

X.509 Certificate [Signature]
       Flags    : 3
       Authority: no
       Path     : 3f00df005039
       ID       : 03

X.509 Certificate [CA]
       Flags    : 3
       Authority: yes
       Path     : 3f00df00503a
       ID       : 04

X.509 Certificate [Root]
       Flags    : 3
       Authority: yes
       Path     : 3f00df00503b
       ID       : 06

And of course, explicitly, the details of the private keys as well. We see
that the private keys are not extractable:

$ ./pkcs15-tool --list-keys
Private RSA Key [Authentication]
       Com. Flags  : 3
       Usage       : [0x4], sign
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
       ModLength   : 1024
       Key ref     : 130
       Native      : yes
       Path        : 3f00df00
       Auth ID     : 01
       ID          : 02

Private RSA Key [Signature]
       Com. Flags  : 3
       Usage       : [0x200], nonRepudiation
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
       ModLength   : 1024
       Key ref     : 131
       Native      : yes
       Path        : 3f00df00
       Auth ID     : 01
       ID          : 03
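
Added example (not part of the original post): the Access Flags value [0x1D] in the listing above is a PKCS#15 KeyAccessFlags bitmask, and this Python code decodes it from pkcs15-tool --list-keys text and checks that each private key is marked non-extractable. The sample text is constructed from the listing above; the name "extractable" for bit 1 and all function names are assumptions of this example.

```python
import re

# PKCS#15 KeyAccessFlags, bit 0 upwards. Names follow the pkcs15-tool output
# above; "extractable" (bit 1) is not on the page and is named here by assumption.
ACCESS_BITS = ["sensitive", "extractable", "alwaysSensitive", "neverExtract", "local"]

# Constructed sample, taken from the --list-keys listing above.
SAMPLE = """\
Private RSA Key [Authentication]
       Usage       : [0x4], sign
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
       ModLength   : 1024

Private RSA Key [Signature]
       Usage       : [0x200], nonRepudiation
       Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
       ModLength   : 1024
"""

def decode_access(mask):
    """Return the names of the bits set in a KeyAccessFlags mask."""
    return [name for bit, name in enumerate(ACCESS_BITS) if mask & (1 << bit)]

def parse_keys(text):
    """Map each private key label to its numeric Access Flags mask."""
    keys, label = {}, None
    for line in text.splitlines():
        m = re.match(r"Private \w+ Key \[(.+)\]", line)
        if m:
            label = m.group(1)
            continue
        m = re.match(r"\s*Access Flags\s*:\s*\[0x([0-9A-Fa-f]+)\]", line)
        if m and label:
            keys[label] = int(m.group(1), 16)
    return keys

def audit(text):
    """Per key: (decoded flags, True if the flags forbid extraction)."""
    report = {}
    for label, mask in parse_keys(text).items():
        flags = decode_access(mask)
        protected = ("sensitive" in flags and "neverExtract" in flags
                     and "extractable" not in flags)
        report[label] = (flags, protected)
    return report

if __name__ == "__main__":
    for label, (flags, ok) in audit(SAMPLE).items():
        print(f"{label}: {', '.join(flags)} -> {'non-extractable' if ok else 'CHECK'}")
```

The check relies on the numeric mask rather than the printed names, so it still works if a tool version spells the flag names differently.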