== General ==

The GnuPG project does not directly support a PKCS#11 plugin conforming to the RSA specifications, but a counterpart written by a third party is available for it.

The programs have system-wide configuration files, but all changes should be made to the per-user files in the <code>.gnupg/</code> directory, because they contain personal information and the processes themselves are started for the duration of the session with the user's own privileges.

== Task list ==

* gpg-agent service settings: replacing scdaemon.
* gnupg-pkcs11 service settings
* testing: listing the keys
* troubleshooting

== Ubuntu 12.4 Precise packages ==

 sudo apt-get install opensc pinentry-qt4 gnupg-pkcs11-scd-dbg

== gpg-agent.conf settings ==

 ###+++--- GPGConf ---+++###
 # log-file socket:///var/tmp/gpg-tuju/log-socket
 # log-file socket:///home/tuju/.gnupg/log-socket
 debug-level guru
 ###+++--- GPGConf ---+++### Sat 28 May 2011 02:26:45 PM EEST
 debug 2048
 # use gnupg-pkcs11-scd in place of the stock scdaemon
 scdaemon-program /usr/bin/gnupg-pkcs11-scd
 pinentry-program /usr/bin/pinentry-qt

== gpg-agent.conf settings Ubuntu 12.4 precise ==

 ###+++--- GPGConf ---+++###
 # log-file socket:///var/tmp/gpg-tuju/log-socket
 # log-file socket:///home/tuju/.gnupg/log-socket
 debug-level guru
 ###+++--- GPGConf ---+++### Sat 28 May 2011 02:26:45 PM EEST
 debug 2048
 # use gnupg-pkcs11-scd in place of the stock scdaemon
 scdaemon-program /usr/bin/gnupg-pkcs11-scd
 pinentry-program /usr/bin/pinentry-qt4

== gnupg-pkcs11-scd.conf settings ==

 providers p1
 provider-p1-library /usr/lib64/opensc-pkcs11.so
 #provider-p1-allow-protected-auth
 provider-p1-cert-private
 #provider-p1-private-mask 0
 emulate-openpgp
 openpgp-sign 39C646BAD0E42B84DF1D9ADF65E62D6ED6722F73
 openpgp-encr 39C646BAD0E42B84DF1D9ADF65E62D6ED6722F73
 openpgp-auth 39C646BAD0E42B84DF1D9ADF65E62D6ED6722F73

== gnupg-pkcs11-scd.conf settings Ubuntu 12.4 precise ==

 providers p1
 provider-p1-library /usr/lib/opensc-pkcs11.so
 #provider-p1-allow-protected-auth
 provider-p1-cert-private
 #provider-p1-private-mask 0
 emulate-openpgp
 openpgp-sign 39C646BAD0E42B84DF1D9ADF65E62D6ED6722F73
 openpgp-encr 39C646BAD0E42B84DF1D9ADF65E62D6ED6722F73
 openpgp-auth 39C646BAD0E42B84DF1D9ADF65E62D6ED6722F73

== Certificate serial numbers ==

The certificate serial numbers can be read from the debug listing of the IPC protocol:

 marko@luuttu> gpg-agent --server gpg-connect-agent

 gpg-agent[20448.7] DBG: <- S APPTYPE PKCS11
 gpg-agent[20448.7] DBG: <- OK
 gnupg-pkcs11-scd[20449.928200448]: Cleaning up threads

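One way to turn such a debug listing into the <code>openpgp-*</code> lines of gnupg-pkcs11-scd.conf, as an added example that is not part of the original page. It assumes the listing contains the daemon's <code>S KEY-FRIEDNLY &lt;hash&gt; &lt;name&gt;</code> status lines (the keyword is spelled that way in the gnupg-pkcs11-scd output); the sample lines, the hash and the subject are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Sample lines are constructed;
# the hash and subject below are placeholders, not real key material.
sample_listing() {
cat <<'EOF'
gpg-agent[20448.7] DBG: <- S APPTYPE PKCS11
gpg-agent[20448.7] DBG: <- S KEY-FRIEDNLY 0123456789abcdef0123456789ABCDEF01234567 /C=FI/CN=EXAMPLE USER on Example Token
gpg-agent[20448.7] DBG: <- S KEY-FRIEDNLY 0123456789abcdef0123456789ABCDEF01234567 /C=FI/CN=EXAMPLE USER on Example Token
gpg-agent[20448.7] DBG: <- S KEY-FRIEDNLY not-a-hash truncated line
gpg-agent[20448.7] DBG: <- OK
EOF
}

# Print each distinct 40-hex-digit key hash that follows "S KEY-FRIEDNLY".
# The correctly spelled keyword is accepted too (assumption: some builds
# may use it). Reads the listing on stdin.
list_key_hashes() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "S" && $(i + 1) ~ /^KEY-FRIE(DN|ND)LY$/) {
                h = toupper($(i + 2))
                if (h ~ /^[0-9A-F]+$/ && length(h) == 40 && !seen[h]++)
                    print h
            }
    }'
}

# Print the three openpgp-* lines for one key hash, using the same key for
# all roles as the configuration on this page does.
conf_lines() {
    case "$1" in
        ''|*[!0-9A-F]*) echo "invalid key hash: $1" >&2; return 1 ;;
    esac
    [ "${#1}" -eq 40 ] || { echo "key hash must be 40 hex digits" >&2; return 1; }
    for role in sign encr auth; do
        printf 'openpgp-%s %s\n' "$role" "$1"
    done
}

# Demo on the constructed listing; on a real system pipe in the saved
# debug listing instead of sample_listing.
conf_lines "$(sample_listing | list_key_hashes | head -n 1)"
```

Malformed or repeated status lines are dropped, so only well-formed hashes reach the configuration file.
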
== Testing ==

=== Listing the certificates ===

 gpg2 -K

=== Card reader status ===

 $ gpg2 --card-status
 Application ID ...: D2760001240111111111111111111111
 Version ..........: 11.11
 Manufacturer .....: unknown
 Serial number ....: 11111111
 Name of cardholder: [not set]
 Language prefs ...: [not set]
 Sex ..............: unspecified
 URL of public key : [not set]
 Login data .......: [not set]
 Signature PIN ....: forced
 Key attributes ...: 1R 1R 1R
 Max. PIN lengths .: 0 0 0
 PIN retry counter : 0 0 0
 Signature counter : 0
 Signature key ....: [none]
 Encryption key....: [none]
 Authentication key: [none]
 General key info..: [none]
 $

=== Card ===

 gpgsm --learn-card

=== Troubleshooting ===

 $ gpg-connect-agent
 > SCD LEARN

Other IPC card commands. The commands are entered in the gpg-connect-agent interpreter as arguments to the SCD (smartcard) command.

 gpg-agent[15591.7] DBG: -> help
 gpg-agent[15591.7] DBG: <- # NOP
 gpg-agent[15591.7] DBG: <- # CANCEL
 gpg-agent[15591.7] DBG: <- # OPTION
 gpg-agent[15591.7] DBG: <- # BYE
 gpg-agent[15591.7] DBG: <- # AUTH
 gpg-agent[15591.7] DBG: <- # RESET
 gpg-agent[15591.7] DBG: <- # END
 gpg-agent[15591.7] DBG: <- # HELP
 gpg-agent[15591.7] DBG: <- # SERIALNO
 gpg-agent[15591.7] DBG: <- # LEARN
 gpg-agent[15591.7] DBG: <- # READCERT
 gpg-agent[15591.7] DBG: <- # READKEY
 gpg-agent[15591.7] DBG: <- # SETDATA
 gpg-agent[15591.7] DBG: <- # PKSIGN
 gpg-agent[15591.7] DBG: <- # PKAUTH
 gpg-agent[15591.7] DBG: <- # PKDECRYPT
 gpg-agent[15591.7] DBG: <- # INPUT
 gpg-agent[15591.7] DBG: <- # OUTPUT
 gpg-agent[15591.7] DBG: <- # GETATTR
 gpg-agent[15591.7] DBG: <- # SETATTR
 gpg-agent[15591.7] DBG: <- # WRITECERT
 gpg-agent[15591.7] DBG: <- # WRITEKEY
 gpg-agent[15591.7] DBG: <- # GENKEY
 gpg-agent[15591.7] DBG: <- # RANDOM
 gpg-agent[15591.7] DBG: <- # PASSWD
 gpg-agent[15591.7] DBG: <- # CHECKPIN
 gpg-agent[15591.7] DBG: <- # LOCK
 gpg-agent[15591.7] DBG: <- # UNLOCK
 gpg-agent[15591.7] DBG: <- # GETINFO
 gpg-agent[15591.7] DBG: <- # RESTART
 gpg-agent[15591.7] DBG: <- # DISCONNECT
 gpg-agent[15591.7] DBG: <- # APDU
 gpg-agent[15591.7] DBG: <- # CHV-STATUS-1
 gpg-agent[15591.7] DBG: <- OK

== See also ==

* [[HST]] - Using the certificates of the identity card.
* [[Gnupg]] - GNU Privacy Guard main page.

== External links ==

* [http://gnupg-pkcs11.sourceforge.net gnu-pkcs11 project] home page.

[[Luokka:Tietoturva]]