Iceweasel / firefox smartcard HOWTO - GOOZE downloading
Iceweasel / firefox smartcard HOWTO - GOOZE downloading
Iceweasel / firefox smartcard HOWTO - GOOZE downloading
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Iceweasel</strong> / <strong>firefox</strong> <strong>smartcard</strong> <strong>HOWTO</strong><br />
To start with certificates, we need to generate RSA and X.509 certificates.<br />
The OpenSSL way<br />
Using the traditional OpenSSL way, this is quite long and tedious:<br />
Generate a private RSA key:<br />
$ openssl genrsa -des3 -out rsa.key 2048<br />
Generate a CSR (Certificate Signing Request):<br />
$ openssl req -new -key rsa.key -out rsa_key.csr<br />
Remove passphrase:<br />
cp rsa.key rsa_key_no_passphrase<br />
openssl rsa -in rsa_key_no_passphrase -out rsa.key<br />
Generae a self-signed certificate:<br />
openssl x509 -req -days 365 -in rsa_key.csr -signkey rsa.key -out rsa.crt<br />
All this is quite tedious, and will not give you access to a real certificate authority, which brings more:<br />
The ability to sign and authenticate your keys publicly.<br />
The ability to revoke your certificates on the Internet.<br />
The CAcert way<br />
CAcert.org, which offers all of this, is managed by individuals.<br />
Creating self-signed certificates is much more easy with CAcert.org.<br />
In short, the process is as follows:<br />
Register CAcert.org<br />
Register an email address.<br />
Validate your email address. This is done by receiving an email.<br />
Enter your domain name.<br />
Validate your domain name. This is done by receiving an email.<br />
Preparing the smart card<br />
To prepare the smart card, read our Smartcard Quickstart guide [3], which gives a detailed description in more than 40 pages.<br />
For the impatient, here is a summary :<br />
Install the OpenSC framework.<br />
Connect the smart card reader.<br />
Initialize a blank card.<br />
Define a PIN code.<br />
Dump the <strong>smartcard</strong> content.<br />
Run these commands, as root:<br />
$ apt-get install pcsc-tools libccid openssl<br />
Copyright <strong>GOOZE</strong> 2010-2011 http://www.gooze.eu 2 / 9