informatique:safenet_etoken_5110
Differences
Below are the differences between two revisions of the page.
informatique:safenet_etoken_5110 [17/08/2023 18:52] – [Test ...] cyrille | informatique:safenet_etoken_5110 [28/08/2023 17:43] (current version) – [Load the key pair and the certificate into the token] cyrille | ||
---|---|---|---|
Ligne 10: | Ligne 10: | ||
* Using Tokens in Ubuntu with PGP https:// | * Using Tokens in Ubuntu with PGP https:// | ||
- | Version "5110 CC" Acheté 37 € (2023-08) sur https:// | ||
- | Voir aussi [[/ | + | * Version "5110 CC" Acheté 37 € (2023-08) sur https:// |
+ | * Voir aussi [[/ | ||
* API et normes compatibles : PKCS#11, Microsoft CAPI, PC/SC, stockage de certificats X.509 v3, SSL v3, IPSec/IKE, MS mini-lecteur, | * API et normes compatibles : PKCS#11, Microsoft CAPI, PC/SC, stockage de certificats X.509 v3, SSL v3, IPSec/IKE, MS mini-lecteur, | ||
Ligne 92: | Ligne 93: | ||
W: no-manual-page usr/ | W: no-manual-page usr/ | ||
W: package-name-doesnt-match-sonames libIDClassicSISTokenEngine10 libIDPVSlotEngine10 libIDPrimePKCS11-10 libIDPrimeSISTokenEngine10 libIDPrimeTokenEngine10 libSACLog10 libSACUI10 libeTPKCS15-10 libeToken10 libeTokenHID10 | W: package-name-doesnt-match-sonames libIDClassicSISTokenEngine10 libIDPVSlotEngine10 libIDPrimePKCS11-10 libIDPrimeSISTokenEngine10 libIDPrimeTokenEngine10 libSACLog10 libSACUI10 libeTPKCS15-10 libeToken10 libeTokenHID10 | ||
+ | </ | ||
+ | |||
+ | Ajout du module SafeNet ''/ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Chrome / Chromium ne propose pas d' | ||
+ | * [[https:// | ||
+ | |||
+ | ===== pkcs11-register ===== | ||
+ | |||
+ | < | ||
+ | $ pkcs11-register | ||
+ | Added OpenSC smartcard framework (0.22) to / | ||
+ | Added OpenSC smartcard framework (0.22) to / | ||
+ | Added OpenSC smartcard framework (0.22) to / | ||
+ | |||
+ | $ pkcs11-register -m / | ||
+ | Added Gemalto PKCS11 (10.8) to / | ||
+ | Added Gemalto PKCS11 (10.8) to / | ||
+ | Added Gemalto PKCS11 (10.8) to / | ||
</ | </ | ||
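Review bot: The new pkcs11-register section consists of two command transcripts with no explanatory text. Nothing says that the first call, run without options, registers the OpenSC module (0.22), while the second, run with `-m`, registers the Gemalto PKCS11 module (10.8) in the same three places. Add a one-line introduction stating what the tool does and whether the OpenSC registration is needed for this token, given that the page later shows `opensc-tool --reader 0 --name` answering "Unsupported card".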
Ligne 212: | Ligne 236: | ||
token manufacturer : Gemalto | token manufacturer : Gemalto | ||
... | ... | ||
+ | </ | ||
+ | |||
+ | Avec le module ''/ | ||
+ | < | ||
+ | $ pkcs11-tool --module / | ||
+ | Available slots: | ||
+ | Slot 0 (0x0): SafeNet eToken 5100 [eToken 5110 SC] 00 00 | ||
+ | token label : CyrilleSN5110 | ||
+ | token manufacturer : Gemalto | ||
+ | token model : ID Prime MD | ||
+ | token flags : login required, rng, token initialized, | ||
+ | hardware version | ||
+ | firmware version | ||
+ | serial num : 00D7E011831A61E9 | ||
+ | pin min/ | ||
+ | Slot 1 (0x1): | ||
+ | (empty) | ||
+ | Slot 2 (0x2): | ||
+ | (empty) | ||
+ | Slot 3 (0x3): | ||
+ | (empty) | ||
+ | Slot 4 (0x4): | ||
+ | (empty) | ||
+ | Slot 5 (0x5): | ||
+ | (empty) | ||
+ | Slot 6 (0x6): | ||
+ | (empty) | ||
+ | Slot 7 (0x7): | ||
+ | (empty) | ||
+ | Slot 8 (0x10): SafeNet eToken 5100 [eToken 5110 SC] 00 (Digital Signature Pin) | ||
+ | token label : CyrilleSN5110 (Digital Signature | ||
+ | token manufacturer : Gemalto | ||
+ | token model : ID Prime MD | ||
+ | token flags : login required, rng, token initialized, | ||
+ | hardware version | ||
+ | firmware version | ||
+ | serial num : 00D7E011831A61E9 | ||
+ | pin min/ | ||
+ | </ | ||
+ | |||
+ | Avec '' | ||
+ | < | ||
+ | $ opensc-tool -l | ||
+ | # Detected readers (pcsc) | ||
+ | Nr. Card Features | ||
+ | 0 Yes | ||
+ | |||
+ | $ opensc-tool --reader 0 --name | ||
+ | Unsupported card | ||
+ | </ | ||
+ | |||
+ | ===== Charger la paire de clés et le certificat dans le token ===== | ||
+ | |||
+ | * [[https:// | ||
+ | * https:// | ||
+ | |||
+ | <code bash> | ||
+ | # extraire les clés et le certificat au format DER | ||
+ | $ openssl rsa -in privkey.pkey -outform DER -out testkey-key.der | ||
+ | $ openssl x509 -in cert.cer -outform DER -out testkey-crt.der | ||
+ | $ openssl rsa -in privkey.pkey -pubout -out testkey-public.key | ||
+ | |||
+ | # import private key into token | ||
+ | $ pkcs11-tool --module / | ||
+ | Using slot 0 with a present token (0x0) | ||
+ | Logging in to " | ||
+ | Please enter User PIN: | ||
+ | Created private key: | ||
+ | Private Key Object; RSA | ||
+ | label: | ||
+ | ID: 01 | ||
+ | Usage: | ||
+ | Access: | ||
+ | |||
+ | # import certificat into token | ||
+ | $ pkcs11-tool --module / | ||
+ | Using slot 0 with a present token (0x0) | ||
+ | Logging in to " | ||
+ | Please enter User PIN: | ||
+ | Created certificate: | ||
+ | Certificate Object; type = X.509 cert | ||
+ | label: | ||
+ | subject: | ||
+ | ID: 01 | ||
+ | |||
+ | # import public key into token | ||
+ | $ pkcs11-tool --module / | ||
+ | Using slot 0 with a present token (0x0) | ||
+ | Logging in to " | ||
+ | Please enter User PIN: | ||
+ | Created public key: | ||
+ | Public Key Object; RSA 2048 bits | ||
+ | label: | ||
+ | ID: 01 | ||
+ | Usage: | ||
+ | Access: | ||
+ | |||
+ | </ | ||
+ | |||
+ | Et hop, visualisation du travail avec SAC: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Et avec '' | ||
+ | <code bash> | ||
+ | $ pkcs11-tool --module / | ||
+ | Using slot 0 with a present token (0x0) | ||
+ | Logging in to " | ||
+ | Please enter User PIN: | ||
+ | Certificate Object; type = X.509 cert | ||
+ | label: | ||
+ | subject: | ||
+ | ID: 01 | ||
+ | Public Key Object; RSA 2048 bits | ||
+ | label: | ||
+ | ID: 01 | ||
+ | Usage: | ||
+ | Access: | ||
+ | Private Key Object; RSA | ||
+ | label: | ||
+ | ID: 01 | ||
+ | Usage: | ||
+ | Access: | ||
</ | </ | ||
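Review bot: In the key-loading block, `openssl rsa -in privkey.pkey -outform DER -out testkey-key.der` writes the private key to disk in unencrypted DER before the import, so a copy of the key remains outside the token in both `privkey.pkey` and `testkey-key.der`. Add a step that destroys those files once the import is verified, or mention that generating the key pair on the token with `pkcs11-tool --keypairgen` avoids ever having the private key in a file. Separately, the slot listing added above publishes the token serial number and label; consider masking them in the page.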
informatique/safenet_etoken_5110.1692291140.txt.gz · Last modified: 17/08/2023 18:52 by cyrille