Certainly. The one from the repos is compiled with the OpenSSL version also from the repos, so it makes sense that ig you use a different OpenSSL version, you need a different PKCS#11 engine too.
Over 9000 Cups of Ubuntu
Certainly. The one from the repos is compiled with the OpenSSL version also from the repos, so it makes sense that ig you use a different OpenSSL version, you need a different PKCS#11 engine too.
First Cup of Ubuntu
hi,
sorry for replying late, now i able to load the module opensc-pcs11.so after installing the rebuild version of pkcs11 engine and when i was about to create the certificate, it couldn't load the libpkcs11.so from the path, so i copied engine_pkcs11.so the directory /usr/local/lib/engines/ as libpkcs11.so as it needs to be there, but when i again tried creating certificate i get the following error,
OpenSSL> req -new -x509 -days 365 -keyform engine -engine pkcs11 -key id_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -out mysmartcard.cert.pem
unable to load module (null)
can't use that engine
3070696:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:eng_table.c:174:
no engine specified
unable to load Private Key
error in req
again it shows unable to load the module, here i thought i could ask you before i go further....
many thanks,
D.
First Cup of Ubuntu
hi,
now i can load pkcs11 engine and module opensc-pkcs11.so, i get the following errors when i tried creating certificates,
Organizational Unit Name (eg, section) []:testbed
Common Name (eg, YOUR name) [CA_dhinu]:CA_dhinu
Email Address [d.gunasekaran@gmail.com]:d.gunasekaran@gmail.com
problems making Certificate Request
10197736:error:0B07807C:x509 certificate routines:X509_PUBKEY_set:method not supported:x_pubkey.c:112:
Segmentation fault
i didn't get any clue to come out of this, i would like to hear from you regarding this...
thanks in advance,
Dhinu.
Over 9000 Cups of Ubuntu
It worked for me but I compiled OpenSSL 1.0 and the PKCS#11 engine from source. Maye there's a problem with the package you've been using.
First Cup of Ubuntu
hello, i'm back again.
the smartcard setup for my home machines is productive a while now, and i'm more than happy with the results. just to give an example: without the smart card i would have needed my 3 year old to memorize a password like
"3DQEBAQUAA4GNADCBiQKBgQClRLcuudoW62NzWO7s/HSMqhjR
edFkxqxKdTuNksi+oCG5QDmZtzOuAX5eCtXLKiAyt8cSNQWUhO lS9jK/5vpwMyee
+qWQuh2jA0wfi6eoNIWGz5ZdjDn/b2BwvsOZUtpNKOtMwnce"
it's better with the pin for sure. thanks again.
now i would like to make the setup complete. the only thing missing is the full disk encryption, or encrypted lvm. truecrypt was great with windows & pre-boot auth, which is sadly not available for linux.
i googled and googled several times, but the only reference of a working setup i found here http://blog.fraggod.net/2010/4/LUKS-...-via-smartcard is obviously too high level for me.
thus, i encourage Bachstelze, or anyone else being a Jedi of this subject to share the details of a possible setup. i would be glad to test and use it if someone could lead me through the steps.
(as far i see this is the same point to which the owners of gooze.eu got)
Over 9000 Cups of Ubuntu
I am not really familiar with FDE yet so don't expect anything about it from me any time soon, I don't really have the time to go through it now.
First Cup of Ubuntu
you know you won't see me giving up this near to the finish line.
i can wait another few years, maybe in the meantime someone will come up with a working setup.
thanks anyway for letting know.
First Cup of Ubuntu
Great How-to, I made it work. However this is a local authentication.
Does anyone know how to get it work with Kerberos authentication? I have a windows server with the CA installed there. I would like to know how to specify the domain, the server IP adress and the rest of settings. Does anyone know how to do that or provide maybe a source describing how to do that in the web?
Posting Permissions
Adv Reply
Bookmarks