-
-
Save zerkalica/2b8cc80baf8abd56f42c to your computer and use it in GitHub Desktop.
eToken
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# installation | |
sudo apt-get install pcscd opensc openct libhal1 | |
sudo apt-get install libnss3-tools | |
sudo apt-get install p11-kit | |
# unpacking pkiclient-5.00.28-0.i386.rpm | |
sudo cp libeToken.so.5.00 /usr/local/lib | |
sudo ldconfig | |
# fixing pcscd | |
echo 'DAEMON_ARGS="-d"' | sudo tee /etc/default/pcscd | |
sudo sed -i 's/^exit 0/#&/' /etc/init.d/pcscd | |
sudo killall pcscd | |
sudo /etc/init.d/pcscd start | |
# hardware verification | |
pkcs11-tool --module libeToken.so.5 -T | |
pkcs11-tool --module libeToken.so.5 -l -O | |
opensc-tool -l | |
# dump certs | |
pkcs11-tool --module libeToken.so.5 --slot 0 --type cert -O | awk '$1=="label:" { print $2 }' | while read l; do pkcs11-tool --module libeToken.so.5 --slot 0 --type cert --label $l -r | openssl x509 -inform der -text > $l.crt; done | |
# eToken for SSH | |
ssh-keygen -D libeToken.so.5 | |
ssh -I libeToken.so.5 localhost | |
sftp -oPKCS11Provider=libeToken.so.5 localhost | |
# eToken for SSH agent | |
sudo mv /etc/xdg/autostart/gnome-keyring-ssh.desktop /etc/xdg/autostart/gnome-keyring-ssh.desktop.disabled | |
logout # for restarting ssh-agent | |
ssh-add ~/.ssh/id_??? | |
ssh-add -s /usr/local/lib/libeToken.so.5 | |
ssh-add -l | |
ssh -A localhost ssh-add -l | |
# eToken for firefox | |
modutil -add eToken -libfile libeToken.so.5 -dbdir $HOME/.mozilla/firefox/*.default | |
modutil -list -dbdir $HOME/.mozilla/firefox/*.default | |
certutil -L -d $HOME/.mozilla/firefox/*.default -h eToken | |
# eToken for evolution | |
mkdir -p $HOME/.pki/nssdb | |
modutil -add eToken -libfile libeToken.so.5 -dbdir $HOME/.pki/nssdb | |
modutil -list -dbdir $HOME/.pki/nssdb | |
certutil -L -d $HOME/.pki/nssdb -h eToken | |
# eToken for p11-kit | |
echo 'module: /usr/local/lib/libeToken.so.5' | sudo tee /etc/pkcs11/modules/etoken | |
p11-kit -l | |
pkcs11-tool --module libp11-kit.so.0 -T |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
http://blog.xelnor.net/firefox-systemcerts/