you need a smart card reader/writer
developer kit
most physical security product companies sell reader/writer development kits
used to produce your own custom smart cards

keys will be stored on the cards
not generated by the card chip

generate keys on standalone
openssl CA server

then migrate public/private keys to the cards

jj

www.gezuinc.com

Daniel Struck <community@××××××.lu> wrote:
__________
>Hello,
>
>I am a little bit puzzled how to solve what I try to do:
>
>Idea: Clients should be authenticated to apache over openssl by a client-certificate.
>I got it working on gentoo without a problem, well after applying a patch provided on bugs.gentoo.org (bug 25258) ;-)
>
>Now I want to put the client-certificates on smartcards, problem:
>I don't know yet how to do this :-(
>
>My basic understanding is that the key (private&public) is generated on the smartcard, then the public key? is sent out to be signed by a CA.
>I think on Windows these steps are performed by Internet Explorer by contacting a CA.
>
>My question: Is it possible to prepare the smartcards for the clients on a gentoo station and how should one proceed to do it?
>(I think opensc with muscle-driver could provide this functionality?)
>
>Does anyone by chance know good documentation/books on this subject?
>
>Best regards,
>Daniel Struck
>
>
>
>--
>gentoo-hardened@g.o mailing list
>
>

--
gentoo-hardened@g.o mailing list
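
The off-card workflow described in the reply (generate the key pair on a standalone OpenSSL CA, sign it, then move it to the card), sketched as an added example that is not part of the original thread. File names, subject names and the passphrase are constructed, the throwaway CA stands in for the real one, and the card-writing step itself is left out because it depends on the reader/writer kit.

```sh
#!/bin/sh
# Added example (not from the thread). File names, subject names and the
# passphrase are constructed; the throwaway CA stands in for the standalone CA.

make_client_bundle() {   # usage: make_client_bundle DIR COMMON_NAME P12_PASSPHRASE
    dir=$1 cn=$2
    umask 077            # key material readable by the CA operator only
    # 1. Demo CA. On a real standalone CA host this key already exists.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Client CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Client key pair generated on the CA host, not by the card chip.
    openssl genrsa -out "$dir/client.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/client.key" -subj "/CN=$cn" \
        -out "$dir/client.csr" || return 1
    # 3. Sign as a TLS client certificate only (no CA rights, clientAuth EKU).
    printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
        'extendedKeyUsage=clientAuth' > "$dir/client.ext"
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/client.ext" \
        -out "$dir/client.crt" 2>/dev/null || return 1
    # 4. Encrypted PKCS#12 bundle for transfer to the card-writing station.
    #    The passphrase goes through the environment, not the argument list.
    P12_PASS=$3 openssl pkcs12 -export -inkey "$dir/client.key" \
        -in "$dir/client.crt" -certfile "$dir/ca.crt" -name "$cn" \
        -passout env:P12_PASS -out "$dir/client.p12" || return 1
}

verify_client_bundle() { # usage: verify_client_bundle DIR
    dir=$1
    # Certificate must chain to the CA and be acceptable for TLS client auth.
    openssl verify -CAfile "$dir/ca.crt" -purpose sslclient \
        "$dir/client.crt" >/dev/null 2>&1 || return 1
    # Private key and certificate must carry the same public key.
    k=$(openssl pkey -in "$dir/client.key" -pubout | openssl sha256)
    c=$(openssl x509 -in "$dir/client.crt" -noout -pubkey | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

With keys generated off-card, client.key and client.p12 on the CA host are copies of the card's private key, so they should be destroyed once the card has been written and checked.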