Useful commands for keypair generation

General steps

Generate a "fake" (self-signed) certificate

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 36500 -nodes

Extract the public key

openssl x509 -inform pem -in cert.pem -pubkey -noout

Storing on a Yubikey

Warning: the Yubikey has to be enabled to store certificates, see YubikeySigning

Convert to PFX (for Yubikey storage)

openssl pkcs12 -inkey key.pem -in cert.pem -export -out yubikey.pfx

Store in a Yubikey

yubico-piv-tool -s 9c -i yubikey.pfx -K PKCS12 -p test -a set-chuid -a import-key -a import-cert

-- HerveRousseau - 2017-01-26
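
Added example (not part of the original page): the OpenSSL steps above run non-interactively, with a check that the private key, the certificate and the PFX all carry the same public key before anything is imported into the Yubikey. The -subj value, the function names and the temporary directory are assumptions; the PFX password "test" mirrors the -p test used above.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: the -subj value,
# the function names and the temporary directory. The PFX password "test"
# mirrors the page's `-p test`.

make_keypair() {   # $1 = output directory
    ( cd "$1" && umask 077 &&
      openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem \
          -days 36500 -nodes -subj "/CN=example-signing-key" 2>/dev/null )
}

cert_pubkey() {    # public key embedded in the certificate
    openssl x509 -inform pem -in "$1/cert.pem" -pubkey -noout
}

key_pubkey() {     # public key derived from the private key
    openssl pkey -in "$1/key.pem" -pubout
}

make_pfx() {       # same conversion as on the page, password given inline
    ( cd "$1" && umask 077 &&
      openssl pkcs12 -inkey key.pem -in cert.pem -export \
          -out yubikey.pfx -passout pass:test )
}

pfx_pubkey() {     # public key of the certificate packed into the PFX
    openssl pkcs12 -in "$1/yubikey.pfx" -passin pass:test -nokeys 2>/dev/null |
        openssl x509 -pubkey -noout
}

check_bundle() {   # 0 only if key, certificate and PFX agree and key is private
    [ "$(cert_pubkey "$1")" = "$(key_pubkey "$1")" ] || return 1
    [ "$(cert_pubkey "$1")" = "$(pfx_pubkey "$1")" ] || return 2
    # -nodes leaves key.pem unencrypted, so reject any group/other access
    case "$(ls -l "$1/key.pem")" in -rw-------*) ;; *) return 3 ;; esac
}

workdir=$(mktemp -d)   # created with mode 0700
make_keypair "$workdir" && make_pfx "$workdir" && check_bundle "$workdir" &&
    echo "key, certificate and PFX agree in $workdir"
```

A non-zero return from check_bundle identifies the failing check: 1 for a key/certificate mismatch, 2 for a PFX mismatch, 3 for a key file readable by group or others.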

Topic revision: r2 - 2017-01-26 - DanielVanDerSter
 