About Smartcard 2.0

Smartcard 2.0 is everything you need for a demo or a proof of concept. To make it as easy as possible to get started, it is a ready-made VMware image with all the instructions, software and hardware you need. In the package you'll get:

  • Welcome Notice
  • DVD with a VMware image with all server components installed
  • Getting started, Card admin and Super administrators-manuals
  • Five Setec 4.4.1 cards
  • Two Gemplus GemTwin USB Smart card readers


Hard Token Management Framework 1.3.0 is released, enjoy!

Read more at the hardtokenmgmt.org site.

Also, a new image for demo/proof of concept is almost ready; use the contact form to get a preview.

Base component HTMF 1.1.3 Released

Release Notes - Hard Token Management Framework - Version 1.1.3

Bug
  • [HTMF-131] - ant deploy doesn't include customproperties
  • [HTMF-132] - Bug in PIN checking if unblock PIN is called twice

pkcs11-data not working

han@plup:~$ echo "hemlighet" | gzip | pkcs11-data --add-provider=/usr/lib/opensc-pkcs11.so --cmd=import --token='Sec Maker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28signature\x29' --application=DISK --label=M Y --verbose
PKCS#11: pkcs11h_token_deserializeTokenId entry p_token_id=0x7ffffffaa2f0, sz='SecMaker\x20AB/PKCS\x20\x2315\x20SCard/345640 ....

See the attached file for complete listings.

Windows domain login

The howto is attached

Linux SSH

If the ssh client doesn't support smartcards, you'll have to recompile it with:

tar zxvf openssh-x.y.z.tar.gz
cd openssh-x.y.z
./configure --with-opensc
make
make install

Set up your account on the remote server:

han@plup:~$ pkcs15-tool -k
---
Private RSA Key [key aut + enc]
Com. Flags : 3
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags: [0x18], neverExtract, local
ModLength : 1024
Key ref : -1
Native : yes
Path : 3f0050154b01
Auth ID : 01
ID : bbaf8cc8437e03662a8c1ba95364abda935cbd32
---
Private RSA Key [c1469ad6-6182-4930-926b-ea9acce60c41]
Com. Flags : 3
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags: [0x18], neverExtract, local
ModLength : 1024
Key ref : -1
Native : yes
Path : 3f0050154b03
Auth ID : 01
ID : 63313436396164362d363138322d343933302d393236622d6561396163636536
---
Private RSA Key [key sign]
Com. Flags : 3
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags: [0x18], neverExtract, local
ModLength : 1024
Key ref : -1
Native : yes

Linux Openvpn Server

In /etc/openvpn you'll have the following files:

  • vpnsrv.crt - server's certificate
  • vpnsrv.key - server's private key
  • ca-certs.pem - approved clients' CA certificates
  • dh2048.pem - Diffie-Hellman Parameters

Install server certificate:

cat > /etc/openvpn/vpnsrv.crt
-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIIE69O7+bgQ2IwDQYJKoZIhvcNAQEFBQAwTTEhMB8GA1UE
AwwYTGFiYiBBY2Nlc3NNYW5hZ2VyIENBIHQxMRswGQYDVQQKDBJSaWtzcG9
...cut...
5mmWe7aSdNOJupOQL+Sp4w967LvZmI+BzsgLdH4BiWH4yKqv1JPWV8hQ2C4tWW5O
A71Il4eLn6gO4v1XcSOhHFFe89gSMnXKnrGZP0JPe6Q7exc=
-----END CERTIFICATE-----
(press ctrl-d on empty line to mark end of input)

Install server private key:

cat > /etc/openvpn/vpnsrv.key
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCSHETppgF/uhAvWabcM+Khz2Q6I0JDqVB/a1ERnphBKeiXTOIn
QLz/Z+85jimUeYZovvdgHeAWmnSO17u9KKF5ega+bdIKt96+PzthExjjCkVc3BcD
...cut...
2mnBWSmzZP28YvvlIQJAc14fBRkoG4enmsFS7vkfWjcK10W5dyeJKM+Ef+DUuXeB
QQznlxv+MYaF8YjYNloPKTwdVCWx9acXxknwiUVStQ==
-----END RSA PRIVATE KEY-----
(press ctrl-d on empty line to mark end of input)

Generate Diffie-Hellman Parameters

openssl dhparam -out /etc/openvpn/dh2048.pem 2048
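An added check, not part of the original howto, for files pasted with `cat >` as in the steps above: it confirms the PEM block is complete and that the key file is not readable by group or others, which a umask of 022 would leave it. The function names are hypothetical and the sample files are constructed from random bytes.

```python
import base64, os, re, stat, tempfile

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.S)

def der_is_complete(der):
    """True if der is one ASN.1 SEQUENCE whose declared length equals its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    n = der[1] & 0x7F if der[1] & 0x80 else 0    # count of long-form length bytes
    if der[1] == 0x80 or len(der) < 2 + n:       # indefinite length or cut header
        return False
    body = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    return 2 + n + body == len(der)

def check_pem_file(path, label, secret=False):
    """Return a list of problems in a PEM file that was pasted with `cat > path`."""
    with open(path) as fh:
        m = PEM_RE.search(fh.read())
    if not m or m.group(1) != label:
        return ["no complete %s block" % label]
    problems = []
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        if not der_is_complete(der):
            problems.append("DER length mismatch (truncated paste?)")
    except ValueError:                           # binascii.Error is a ValueError
        problems.append("body is not valid base64 (cut or edited paste?)")
    if secret and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("key readable by group/others, expected mode 0600")
    return problems

def demo():
    """Run the checks on constructed files (random bytes, not real key material)."""
    label = "RSA PRIVATE KEY"
    der = b"\x30\x82\x01\x00" + os.urandom(256)
    lines = base64.encodebytes(der).decode().split()
    cut = [lines[0], "...cut...", lines[-1]]     # a body shortened like the listings above
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in (("ok", lines, 0o600), ("open", lines, 0o644), ("cut", cut, 0o600)):
            path = os.path.join(d, name + ".key")
            with open(path, "w") as fh:
                fh.write("-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(body), label))
            os.chmod(path, mode)
            results[name] = check_pem_file(path, label, secret=True)
    return results

if __name__ == "__main__":
    print(demo())
```

For the files on this page the calls would be `check_pem_file("/etc/openvpn/vpnsrv.crt", "CERTIFICATE")` and `check_pem_file("/etc/openvpn/vpnsrv.key", "RSA PRIVATE KEY", secret=True)`.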

Linux Openvpn Client

Show the slots/certificates


han@plup:~$ sudo openvpn --show-pkcs11-ids /usr/lib/opensc-pkcs11.so
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 1D45062F038F45B0
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/BBAF8CC8437E03662A8C1BA95364ABDA935CBD32
Certificate
DN: /CN=Henrik Andreasson/O=Gazonk/C=SE
Serial: 17A2FDBCC4004BDA
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/63313436396164362D363138322D343933302D393236622D6561396163636536
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 02FA9DD5264D52A2
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/239DE190AC0EC55E3EA85FBB216806465FB8E04E
Certificate
DN: /CN=Henrik Andreasson/serialNumber=190101020304/O=fmv
Serial: 73441CA4B462246C
Serialized id: SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29/BBAF8CC8437E03662A8C1BA95364ABDA935CBD32
Certificate
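An added example, not from the original post: a parser for the listing above that splits each serialized id into its fields and reports key ids carried by more than one certificate. It assumes the layout manufacturer/model/token serial/label/object id with \xNN escapes, which is how the ids above read; the function names are hypothetical and the sample is built from entries 1, 2 and 4 of the listing.

```python
import re
from collections import defaultdict

# Constructed sample: entries 1, 2 and 4 of the listing above, values copied unchanged.
TOKEN = r"SecMaker\x20AB/PKCS\x20\x2315\x20SCard/3456400981004497/ToLiMa\x20Card\x20P1\x20\x28identification\x29"
LISTING = "\n".join("Certificate\nDN: %s\nSerial: %s\nSerialized id: %s/%s" % (dn, sn, TOKEN, kid) for dn, sn, kid in (
    ("/CN=Henrik Andreasson/serialNumber=190101020304/O=fmv", "1D45062F038F45B0", "BBAF8CC8437E03662A8C1BA95364ABDA935CBD32"),
    ("/CN=Henrik Andreasson/O=Gazonk/C=SE", "17A2FDBCC4004BDA", "63313436396164362D363138322D343933302D393236622D6561396163636536"),
    ("/CN=Henrik Andreasson/serialNumber=190101020304/O=fmv", "73441CA4B462246C", "BBAF8CC8437E03662A8C1BA95364ABDA935CBD32"),
))

def unescape(field):
    r"""Turn the \xNN escapes of one serialized field back into characters."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), field)

def parse_listing(text):
    """Yield one dict per certificate found in --show-pkcs11-ids output."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if not sep:
            continue                      # banner lines and the "Certificate" marker
        entry[key] = value
        if key == "Serialized id":
            parts = value.split("/")
            if len(parts) != 5:
                raise ValueError("unexpected serialized id: %r" % value)
            # Assumed field order: manufacturer/model/token serial/label/object id
            names = ("manufacturer", "model", "token_serial", "label")
            entry.update(zip(names, map(unescape, parts[:4])))
            entry["key_id"] = parts[4]
            yield entry
            entry = {}

def shared_key_ids(entries):
    """Map each key id used by more than one certificate to those cert serials."""
    by_id = defaultdict(list)
    for e in entries:
        by_id[e["key_id"]].append(e["Serial"])
    return {k: v for k, v in by_id.items() if len(v) > 1}

def id_as_text(key_id):
    """Return the id as ASCII when every byte is printable, else None."""
    raw = bytes.fromhex(key_id)
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None

if __name__ == "__main__":
    certs = list(parse_listing(LISTING))
    print(shared_key_ids(certs), [id_as_text(c["key_id"]) for c in certs])
```

On the listing above, the id starting 6331 decodes to the first 32 characters of the key label that `pkcs15-tool -k` prints, and the certificates with serials 1D45062F038F45B0 and 73441CA4B462246C carry the same serialized id.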

Howto

Boxes ready for installation

Just go ahead and fill in the Request Eval Kit Form at http://www.smartcard20.com/index.php?q=node/22