Storing your grid certificate on an Aladdin eToken
From PDP/Grid Wiki
Revision as of 16:00, 23 April 2007 by Janjust@nikhef.nl (talk | contribs) (→How to store your existing grid certificate on an Aladdin eToken)
How to store your existing grid certificate on an Aladdin eToken
To store your existing grid certificate (the usercert.pem and userkey.pem files), use the following commands:
- Convert your public certificate to DER format
openssl x509 -in ~/.globus/usercert.pem -out usercert.der -outform der
- Load your public certificate on the eToken (you must use your user PIN to do this):
# pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
    --label "My Grid Certificate" \
    --id 1234 \
    --login \
    -w usercert.der \
    --type cert
Please enter User PIN:
Generated certificate:
Certificate Object, type = X.509 cert
  label:      Jan Just Keijser
  ID:         1234
- Load your private key on the eToken (you must use your user PIN to do this):
# openssl rsa -in ~/.globus/userkey.pem -outform der | \
    pkcs11-tool --module /usr/local/lib/libetpkcs11.so \
    --label "My Grid Certificate" \
    --id 1234 \
    --login \
    -w /dev/stdin \
    --type privkey
Please enter User PIN:
Generated private key:
Private Key Object; RSA
  label:      Jan Just Keijser
  ID:         1234
  Usage:      decrypt, sign, unwrap
Note
It is important that this is done in a single step, as your private key is decrypted first and then encrypted again using your eToken user PIN when it is stored on the eToken.
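Before writing both objects to the token under the same --id, it is worth confirming that usercert.pem and userkey.pem really belong together and that the certificate has not expired. The script below is an added example, not part of the original wiki page; the function names (cert_matches_key, precheck, make_sample) are hypothetical, and make_sample only builds constructed throwaway test input. Like the key-loading step above, it keeps the decrypted private key in memory and passes on only the public half.

```shell
#!/bin/sh
# Added example (not from the wiki page): pre-flight check before loading
# usercert.pem / userkey.pem onto the token. Function names are hypothetical.

# Succeeds only if the certificate and the private key carry the same
# public key. The private key is decrypted in memory by openssl (you are
# prompted for its passphrase if it has one); only the public half is kept.
cert_matches_key() {   # $1 = certificate (PEM), $2 = private key (PEM)
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Full check: matching key pair and a certificate that is still valid.
precheck() {           # $1 = certificate (PEM), $2 = private key (PEM)
    cert_matches_key "$1" "$2" || {
        echo "certificate and private key do not match" >&2
        return 1
    }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired" >&2
        return 1
    }
    echo "OK: $(openssl x509 -in "$1" -noout -subject)"
}

# Constructed sample input for trying the check without real credentials:
# a throwaway unencrypted RSA key and a one-day self-signed certificate.
make_sample() {        # $1 = directory, $2 = base name
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.key" -subj "/CN=constructed sample" \
        -days 1 -out "$1/$2.pem" 2>/dev/null
}

# Usage: sh precheck.sh ~/.globus/usercert.pem ~/.globus/userkey.pem
if [ "$#" -eq 2 ]; then
    precheck "$1" "$2"
fi
```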