Difference between revisions of "Storing your grid certificate on an Aladdin eToken"

From PDP/Grid Wiki
Line 6: Line 6:
 
   openssl x509 -in ~/.globus/usercert.pem -out usercert.der -outform der
 
   openssl x509 -in ~/.globus/usercert.pem -out usercert.der -outform der
 
* Load your public certificate on the eToken (you must use your user PIN to do this):
 
* Load your public certificate on the eToken (you must use your user PIN to do this):
   # pkcs11-tool --module /usr/local/lib/libetpkcs11.so -w usercert.der --type cert --label "Jan Just Keijser" --id 1234 --login
+
   # pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
 +
                --label "My Grid Certificate" \
 +
                --id 1234 \
 +
                --login \
 +
                -w usercert.der \
 +
                --type cert
 
   Please enter User PIN:
 
   Please enter User PIN:
 
   Generated certificate:
 
   Generated certificate:
Line 13: Line 18:
 
     ID:        1234
 
     ID:        1234
 
* Load your private key on the eToken (you must use your user PIN to do this):
 
* Load your private key on the eToken (you must use your user PIN to do this):
 +
  # openssl rsa -in ~/.globus/userkey.pem -outform der | \
 +
      pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
 +
                  --label "My Grid Certificate"  \
 +
                  --id 1234 \
 +
                  --login \
 +
                  -w \
 +
                  --type privkey
 +
  Please enter User PIN:
 +
  Generated private key:
 +
  Private Key Object; RSA
 +
  label:      Jan Just Keijser
 +
  ID:        1234
 +
  Usage:      decrypt, sign, unwrap
 +
'''Note'''
 +
 +
It is important that this is done in a single step, as your private key is '''decrypted''' first and then encrypted again using your eToken user PIN when it is stored on the eToken.
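Review bot: in the added private-key command, `-w` is followed directly by `--type privkey` with no file name, whereas the certificate command in the previous hunk passes `-w usercert.der`. The `-w` (`--write-object`) option of pkcs11-tool takes a path, so as written it would consume `--type` as the file to write. Because the key arrives on the pipe, `-w /dev/stdin` would preserve the single-step behaviour that the note at the end of the hunk asks for. Separately, the added sample output shows `label: Jan Just Keijser` while the command now passes `--label "My Grid Certificate"`; the two should agree.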

Revision as of 16:00, 23 April 2007

How to store your existing grid certificate on an Aladdin eToken

To store your existing grid certificate (the usercert.pem and userkey.pem files), use the following commands:

  • Convert your public certificate to DER format
 openssl x509 -in ~/.globus/usercert.pem -out usercert.der -outform der
  • Load your public certificate on the eToken (you must use your user PIN to do this):
 # pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
               --label "My Grid Certificate" \
               --id 1234 \
               --login \
               -w usercert.der \
               --type cert
 Please enter User PIN:
 Generated certificate:
 Certificate Object, type = X.509 cert
   label:      Jan Just Keijser
   ID:         1234
  • Load your private key on the eToken (you must use your user PIN to do this):
 # openssl rsa -in ~/.globus/userkey.pem -outform der | \
     pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
                 --label "My Grid Certificate" \
                 --id 1234 \
                 --login \
                 -w /dev/stdin \
                 --type privkey
 Please enter User PIN:
 Generated private key:
 Private Key Object; RSA
 label:      Jan Just Keijser
 ID:         1234
 Usage:      decrypt, sign, unwrap

Note

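It is important that this is done in a single step: your private key is decrypted first and then encrypted again using your eToken user PIN when it is stored on the eToken, so piping it straight from openssl into pkcs11-tool keeps the decrypted key from ever being written to disk.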
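
A pre-flight check one could run before the load steps above, as an added example that is not part of the original wiki page: it confirms that usercert.pem has not expired and that its public key matches userkey.pem, so a mismatched pair is never written to the token under the same ID. The function names are hypothetical; only standard openssl subcommands are used, and an encrypted key will prompt for its passphrase.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify a grid certificate/key pair
# before loading it on the token. Function names are hypothetical.

# Return 0 if the certificate's public key equals the one derived from the
# private key, 1 if they differ, 2 if either file cannot be read or parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    # Guard against two empty strings comparing equal.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 only if the certificate is still valid and matches the key.
preflight() {
    cert=$1
    key=$2
    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "preflight: certificate expired or unreadable: $cert" >&2
        return 1
    fi
    if ! cert_matches_key "$cert" "$key"; then
        echo "preflight: $key does not belong to $cert" >&2
        return 1
    fi
    echo "preflight: certificate and key match and the certificate is valid"
}

# When called with two arguments, check that pair, for example:
#   sh preflight.sh ~/.globus/usercert.pem ~/.globus/userkey.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```
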