Iceweasel / firefox smartcard HOWTO - GOOZE downloading

More documents

Recommendations

Info

Iceweasel / firefox smartcard HOWTO To start with certificates, we need to generate RSA and X.509 certificates. The OpenSSL way Using the traditional OpenSSL way, this is quite long and tedious: Generate a private RSA key: $ openssl genrsa -des3 -out rsa.key 2048 Generate a CSR (Certificate Signing Request): $ openssl req -new -key rsa.key -out rsa_key.csr Remove passphrase: cp rsa.key rsa_key_no_passphrase openssl rsa -in rsa_key_no_passphrase -out rsa.key Generae a self-signed certificate: openssl x509 -req -days 365 -in rsa_key.csr -signkey rsa.key -out rsa.crt All this is quite tedious, and will not give you access to a real certificate authority, which brings more: The ability to sign and authenticate your keys publicly. The ability to revoke your certificates on the Internet. The CAcert way CAcert.org, which offers all of this, is managed by individuals. Creating self-signed certificates is much more easy with CAcert.org. In short, the process is as follows: Register CAcert.org Register an email address. Validate your email address. This is done by receiving an email. Enter your domain name. Validate your domain name. This is done by receiving an email. Preparing the smart card To prepare the smart card, read our Smartcard Quickstart guide [3], which gives a detailed description in more than 40 pages. For the impatient, here is a summary : Install the OpenSC framework. Connect the smart card reader. Initialize a blank card. Define a PIN code. Dump the smartcard content. Run these commands, as root: $ apt-get install pcsc-tools libccid openssl Copyright GOOZE 2010-2011 http://www.gooze.eu 2 / 9
Iceweasel / firefox smartcard HOWTO Warning: OpenSC 0.12.0 or later version is needed by the Feitian PKI. If a package is not available, compile OpenSC from sources. Install the needed libraries to compile OpenSC: $ apt-get build-dep opensc Download OpenSC [4] for GNU/Linux, untar, configure and install: $ ./configure --prefix=/usr $ make $ sudo make install Initializing the smartcard If the card needs to be erased: $ pkcs15-init -E Initialize the card: $ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 0000 --puk 111111 --label "François Pérou" This will create the PKCS15 file structure with PIN code 0000 and PUK code 111111. Adapt these values. The PIN code is the main code, the PUK code is the unblocking code. Display information $ pkcs15-tool --dump Using reader with a card: Feitian SCR301 01 00 PKCS#15 Card [François Pérou]: Version : 1 Serial number : 3068241116010310 Manufacturer ID: EnterSafe Last update : 20100322225720Z Flags : PRN generation, EID compliant PIN [User PIN] Com. Flags: 0x3 ID : 01 Flags : [0x30], initialized, needs-padding Length : min_len:4, max_len:16, stored_len:16 Pad char : 0x00 Reference : 1 Type : ascii-numeric Path : We now have a blank card initialized with a PIN code. Our card is ready to connect to CAcert and transfer a certificate. Configuring the navigator to use smart cards In this section, we will configure Firefox to use smartcards. Select Edit->Preferences, click on Advanced tab and Encryption tab : Copyright GOOZE 2010-2011 http://www.gooze.eu 3 / 9
Page 1: Iceweasel / firefox smartcard HOWTO
Page 5 and 6: Iceweasel / firefox smartcard HOWTO
Page 7 and 8: Iceweasel / firefox smartcard HOWTO
Page 9: Iceweasel / firefox smartcard HOWTO

Iceweasel / firefox smartcard HOWTO - GOOZE downloading

Create successful ePaper yourself

Delete template?

Save as template?