2011-01-04

OpenSSL Security - Smart Card

Format and initialize the card using PKCS#15


pkcs15-init -E
pkcs15-init -C
pkcs15-init --store-pin --auth-id 0
pkcs15-init --create-pkcs15

Store PIN


pkcs11-tool.exe -L
pkcs15-init --store-pin --auth-id 01 --label "Jakub Marciniak"
pkcs11-tool.exe -L

Generate or store a private key on the card


pkcs15-tool --list-keys
pkcs15-init --store-private-key h:\apilia1024.p12 --format pkcs12 --auth-id 01
pkcs15-init --store-private-key h:\apilia1024.pem --format pem --auth-id 01
pkcs15-init -G rsa/1024 --auth-id 01 -u sign,decrypt
pkcs15-tool --list-keys

Generate certificate


openssl req -config C:\smartCard\openssl.conf -engine pkcs11 -new -key id_45 -keyform engine -out jm_apilia.pem -text -x509 -subj "/CN=Jakub Marciniak/O=APILIA Sp. J./C=PL/L=POZNAN/emailAddress=jakub.marciniak@apilia.pl"
openssl req -config C:\smartCard\openssl.conf -new -text -x509 -subj "/CN=Jakub Marciniak/O=APILIA/C=PL/L=POZNAN/emailAddress=jakub.marciniak@apilia.pl" -keyout test_privkey.pem -out test.pem

Store the certificate


pkcs15-tool -c
pkcs15-init --store-certificate jm_apilia.pem --auth-id 01 --id 45 --format pem
pkcs15-init --store-certificate h:\apilia1024.pem --auth-id 01 --id 45 --format pem
pkcs15-tool -c

List keys using Java keytool


keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:/cm3.cfg -list
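Neither C:\smartCard\openssl.conf (read by the "openssl req -engine pkcs11" step above) nor c:/cm3.cfg (read by keytool) is shown in the post. Below is an added example of what the two files need to contain for those commands to reach the card through OpenSC's PKCS#11 module; it is not the author's own configuration. The DLL paths under C:\smartCard\ and the X.509 key-usage extension are assumptions; the key id 45 and auth-id 01 are the ones used in the commands above.

```ini
# --- C:\smartCard\openssl.conf (assumed contents, example only) ---
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
# engine_pkcs11 shim that "-engine pkcs11" loads; path is an assumption
dynamic_path = C:\smartCard\engine_pkcs11.dll
# OpenSC PKCS#11 module that actually talks to the card; path is an assumption
MODULE_PATH = C:\smartCard\opensc-pkcs11.dll
init = 0
# Do not put a PIN line here: leave the engine to prompt for the PIN
# stored with "pkcs15-init --store-pin --auth-id 01" at signing time.

# "-key id_45 -keyform engine" selects the on-card key whose PKCS#15 id
# is 45, i.e. the one later bound with "--store-certificate ... --id 45".
[req]
distinguished_name = req_dn
x509_extensions = v3_self

[req_dn]
# left empty on purpose: the subject comes from -subj on the command line

[v3_self]
# assumed: match the key usage given to pkcs15-init ("-u sign,decrypt")
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment

# --- c:/cm3.cfg for keytool's SunPKCS11 provider (assumed contents) ---
# name = OpenSC
# library = C:\smartCard\opensc-pkcs11.dll
# slotListIndex = 0
```

The cm3.cfg lines are shown commented out only so that both files fit in one listing; in the real file they are plain key = value lines, and keytool then prompts for the same PIN when listing the PKCS11 keystore.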