Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- fedora:nitrokey:start [17.12.2018 21:11. ] – [Nitrokey Start und X.509 / S/MIME] django
+++ fedora:nitrokey:start [04.08.2020 16:14. ] – [Nitrokey Start in der Praxis unter Fedora 29] django
@@ Zeile 1: / Zeile 1: @@
 ====== Nitrokey Start in der Praxis unter Fedora 29 ======
 {{:centos:nitrokey:nitrokey-start.png?nolink&280 |Bild: Nitrokey Start USB-Stick}}
-In diesem Kapitel befassen wir uns eingehend mit dem [[https://shop.nitrokey.com/de_DE/shop/product/nitrokey-start-6|Nitrokey Start]] ([[https://www.nitrokey.com/files/doc/Nitrokey_Start_Infoblatt.pdf|Daten-/Infoblatt]]) unter **[[https://getfedora.org/|Fedora 29]]**. Weitere Informationen zum [[https://www.nitrokey.com/de/news/2018/neu-nitrokey-fido-u2f|Nitrokey-Stick]] findet findet man auch [[https://www.nitrokey.com/de/documentation/installation|hier]] bzw. im [[https://support.nitrokey.com/c/nitrokey-support|Support Forum]].
+In diesem Kapitel befassen wir uns eingehend mit dem [[https://shop.nitrokey.com/de_DE/shop/product/nitrokey-start-6|Nitrokey Start]] ([[https://www.nitrokey.com/files/doc/Nitrokey_Start_Infoblatt.pdf|Daten-/Infoblatt]]) unter **[[https://getfedora.org/|Fedora 29]]**. Weitere Informationen zum [[https://www.nitrokey.com/de/news/2018/neu-nitrokey-fido-u2f|Nitrokey-Stick]] findet man auch [[https://www.nitrokey.com/de/documentation/installation|hier]] bzw. im [[https://support.nitrokey.com/c/nitrokey-support|Support Forum]].
 Mit Hilfe von asymmetrischen Schlüsselmaterials (PGP und S/MIME) können eMails sowie Dateien und ganze Festplatten verschlüsselt und natürlich auch wieder entschlüsselt werden. Hierzu verwenden wir den [[https://shop.nitrokey.com/de_DE/shop/product/nitrokey-start-6|Nitrokey Start]] welcher [[https://shop.nitrokey.com/de_DE/shop|hier]] für einen überschaubaren Betrag von gerade mal 29€ erstanden werden kann. In dem folgenden Beitrag gehen wir auf die Verwendung unter Fedora 29 ein. Hinweise zu den Besonderheiten bei der Verwendung unter CentOS 7.x sind **[[centos:nitrokey:start|hier]]** zu finden.
@@ Zeile 1197: / Zeile 1197: @@
+$ opensc-explorer
+OpenSC Explorer version 0.19.0
+Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.2.10-43210843) 00 00
+Failed to connect to card: Reader in use by another application
+$ opensc-explorer
+OpenSC Explorer version 0.19.0
+Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.2.10-43210843) 00 00
+OpenSC [3F00]>
+$ openpgp-tool --erase
+Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.2.10-43210843) 00 00
+Erase card
+$ opensc-explorer
+OpenSC Explorer version 0.19.0
+Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.2.10-43210843) 00 00
+OpenSC [3F00]> help
+Supported commands:
+  echo [<string> ..]                         display arguments
+  ls [<pattern> ..]                          list files in the current DF
+  find [<start id> [<end id>]]               find all files in the current DF
+  find_tags [<start tag> [<end tag>]]        find all tags of data objects in the current context
+  cd {.. | <file id> | aid:<DF name>}        change to another DF
+  cat [<file id> | sfi:<sfi id>]             print the contents of an EF
+  info [<file id>]                           display attributes of card file
+  create <file id> <size>                    create a new EF
+  mkdir <file id> <size>                     create a new DF
+  delete <file id>                           remove an EF/DF
+  rm <file id>                               remove an EF/DF
+  verify {CHV|KEY|AUT|PRO}<key ref> [<pin>]  present a PIN or key to the card
+  change CHV<pin ref> [[<old pin>] <new pin>]  change a PIN
+  unblock CHV<pin ref> [<puk> [<new pin>]]   unblock a PIN
+  put <file id> [<input file>]               copy a local file to the card
+  get <file id> [<output file>]              copy an EF to a local file
+  do_get <hex tag> [<output file>]           get a data object
+  do_put <hex tag> <data>                    put a data object
+  erase                                      erase card
+  random <count>                             obtain <count> random bytes from card
+  update_record <file id> <rec no> <rec offs> <data>  update record
+  update_binary <file id> <offs> <data>      update binary
+  apdu <data>+                               send a custom apdu command
+  asn1 [<file id>]                           decode an ASN.1 file
+  sm open|close                              call SM 'open' or 'close' handlers, if available
+  debug [<value>]                            get/set the debug level
+  quit                                       quit this program
+  exit                                       quit this program
+  help                                       show this help
+OpenSC [3F00]> exit
+Pairs of key & certificate from P12 file:
+$ pkcs15-init --verbose --delete-objects privkey,pubkey --id 3 --store-private-key michael.nausch.p12 --format pkcs12 --auth-id 3 --verify-pin
+Using reader with a card: Nitrokey Nitrokey Start (FSIJ-1.2.10-43210843) 00 00
+Connecting to card in reader Nitrokey Nitrokey Start (FSIJ-1.2.10-43210843) 00 00...
+Using card driver OpenPGP card.
+Found OpenPGP card
+User PIN required.
+Please enter User PIN [Admin PIN]:
+About to delete object(s).
+NOTE: couldn't find privkey 03 to delete
+NOTE: couldn't find pubkey 03 to delete
+Deleted 0 objects
+About to store private key.
+error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
+Please enter passphrase to unlock secret key:
+Importing 3 certificates:
+: /C=DE/CN=Michael Robert Nausch/emailAddress=michael@nausch.org
+: /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
+: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign PersonalSign 2 CA - SHA256 - G3
+Failed to store private key: Invalid arguments
+Vermutliche Ursache, private key zu groß!
 */