Difference between revisions of "Storing your grid certificate on an Aladdin eToken"
From PDP/Grid Wiki
Line 6: | Line 6: | ||
openssl x509 -in ~/.globus/usercert.pem -out usercert.der -outform der | openssl x509 -in ~/.globus/usercert.pem -out usercert.der -outform der | ||
* Load your public certificate on the eToken (you must use your user PIN to do this): | * Load your public certificate on the eToken (you must use your user PIN to do this): | ||
− | # pkcs11-tool --module /usr/local/lib/libetpkcs11.so | + | # pkcs11-tool --module /usr/local/lib/libetpkcs11.so \ |
+ | --label "My Grid Certificate" \ | ||
+ | --id 1234 \ | ||
+ | --login \ | ||
+ | -w usercert.der \ | ||
+ | --type cert | ||
Please enter User PIN: | Please enter User PIN: | ||
Generated certificate: | Generated certificate: | ||
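Review bot: The added `--id 1234` line on the certificate command gives no hint that this ID is what associates the certificate with the private key on the token, so the private-key command has to use the same value. Say so next to the command, and mark 1234 as an example value so that readers who keep more than one credential on a token choose distinct IDs.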
Line 13: | Line 18: | ||
ID: 1234 | ID: 1234 | ||
* Load your private key on the eToken (you must use your user PIN to do this): | * Load your private key on the eToken (you must use your user PIN to do this): | ||
+ | # openssl rsa -in ~/.globus/userkey.pem -outform der | \ | ||
+ | pkcs11-tool --module /usr/local/lib/libetpkcs11.so \ | ||
+ | --label "My Grid Certificate" \ | ||
+ | --id 1234 \ | ||
+ | --login \ | ||
+ | -w \ | ||
+ | --type privkey | ||
+ | Please enter User PIN: | ||
+ | Generated private key: | ||
+ | Private Key Object; RSA | ||
+ | label: Jan Just Keijser | ||
+ | ID: 1234 | ||
+ | Usage: decrypt, sign, unwrap | ||
+ | '''Note''' | ||
+ | |||
+ | It is important that this is done in a single step, as your private key is '''decrypted''' first and then encrypted again using your eToken user PIN when it is stored on the eToken. |
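Review bot: In the added private-key command, `-w \` is followed directly by `--type privkey` with no file operand, whereas the certificate command passes `-w usercert.der`; state how the DER piped from `openssl rsa` reaches pkcs11-tool, and name the input explicitly if the tool needs it, because readers will copy this verbatim. The sample output also shows `label: Jan Just Keijser` although the command sets `--label "My Grid Certificate"`; make the two agree. The closing note would be stronger if it said why the single step matters: with the pipe, the decrypted key is never written to a file.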
Revision as of 16:00, 23 April 2007
How to store your existing grid certificate on an Aladdin eToken
To store your existing grid certificate (the usercert.pem and userkey.pem files) on the eToken, use the following commands:
- Convert your public certificate to DER format:
openssl x509 -in ~/.globus/usercert.pem -out usercert.der -outform der
- Load your public certificate on the eToken (you must use your user PIN to do this):
# pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
    --label "My Grid Certificate" \
    --id 1234 \
    --login \
    -w usercert.der \
    --type cert
Please enter User PIN:
Generated certificate:
Certificate Object, type = X.509 cert
  label: Jan Just Keijser
  ID: 1234
- Load your private key on the eToken (you must use your user PIN to do this):
# openssl rsa -in ~/.globus/userkey.pem -outform der | \
    pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
    --label "My Grid Certificate" \
    --id 1234 \
    --login \
    -w \
    --type privkey
Please enter User PIN:
Generated private key:
Private Key Object; RSA
  label: Jan Just Keijser
  ID: 1234
  Usage: decrypt, sign, unwrap
Note
It is important that this is done in a single step, as your private key is decrypted first and then encrypted again using your eToken user PIN when it is stored on the eToken.
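
Because the certificate and the private key are written to the token as two separate objects under the same ID, it is worth confirming that the two files really form one key pair before loading them. The following pre-flight check is an added example, not part of the wiki page; the function name `preflight` and its return codes are hypothetical, and it assumes an RSA key, as the page's `openssl rsa` command does.

```shell
#!/bin/sh
# Added example (not from the wiki page): pre-flight check for the
# usercert.pem / userkey.pem pair before it is written to the token.
# The function name and its return codes are hypothetical.

# preflight CERT KEY
# Returns 0 if the pair is fit to load, otherwise:
#   2 = certificate unreadable, 3 = certificate expired,
#   4 = key unreadable or not RSA, 5 = key does not belong to certificate.
# If the key file is encrypted, openssl asks for its passphrase; the key
# is only read, and only its public half is kept in a shell variable.
preflight() {
    cert=$1
    key=$2

    # Public key as stored in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2

    # -checkend 0 fails when notAfter is already in the past.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 3

    # The page loads the key with "openssl rsa", so require an RSA key here.
    # -pubout emits the same PEM SubjectPublicKeyInfo form as above.
    key_pub=$(openssl rsa -in "$key" -pubout) || return 4

    # Both objects go on the token under one ID, so they must be one key pair.
    [ "$cert_pub" = "$key_pub" ] || return 5
    return 0
}

# Usage, with the file names from the page:
#   preflight ~/.globus/usercert.pem ~/.globus/userkey.pem && echo "pair OK"
```

A non-zero return means nothing should be written to the token until the files are sorted out; the check itself never touches the token and never writes the private key anywhere.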