Written on December 19, 2015
Since I have a “PKI”-branded smartcard, I decided to see how I could use it with a PKI. I went through a basic PKI tutorial (http://pki-tutorial.readthedocs.io/en/latest/simple/), but wasn’t sure how I would interface with the smartcard…
It turns out that openssl has this concept of engines, which is basically a way to use some cryptographic hardware with openssl. Through the trusty method of
I was able to come up with the right -engine parameters to create a CSR and issue a certificate:
I was also able to install a PAM module so that whenever I sudo, I am authenticated with my smartcard:
There is even a way to have the computer poll every second to make sure the smartcard is still in the computer. Depending on whether or not it is there, a command (such as xscreensaver --lock) can be executed.
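
The polling idea above, sketched as an added example (not the tool or configuration used in this post): a POSIX shell loop that probes for a token once a second and runs the lock command once per removal rather than on every poll. OpenSC's `pkcs11-tool`, the `token label` match on its output, `xscreensaver-command -lock` and the `MISS_LIMIT` setting are assumptions.

```shell
#!/bin/sh
# Added example: lock the screen when the smartcard disappears.
# Assumptions: OpenSC's pkcs11-tool is installed and xscreensaver is running.
PROBE_CMD=${PROBE_CMD:-"pkcs11-tool --list-slots"}
LOCK_CMD=${LOCK_CMD:-"xscreensaver-command -lock"}
POLL_SECONDS=${POLL_SECONDS:-1}   # the post polls once per second
MISS_LIMIT=${MISS_LIMIT:-1}       # consecutive failed probes before locking
LOCK_COUNT=0                      # how many times LOCK_CMD ran successfully

# card_present: succeed only if the probe reports a token in some slot.
# A probe that errors out counts as "absent", so failures lock the session
# instead of leaving it open.
card_present() {
    $PROBE_CMD 2>/dev/null | grep -q 'token label'
}

# watch_card [MAX_POLLS]: poll forever (MAX_POLLS=0) or MAX_POLLS times.
# LOCK_CMD fires on the present -> absent transition; if it fails it is
# retried on the next poll. Starting with no card inserted locks at once.
watch_card() {
    max_polls=${1:-0}
    polls=0
    misses=0
    locked=0          # 1 once LOCK_CMD has succeeded for this absence
    while [ "$max_polls" -eq 0 ] || [ "$polls" -lt "$max_polls" ]; do
        polls=$((polls + 1))
        if card_present; then
            misses=0
            locked=0
        else
            misses=$((misses + 1))
            if [ "$locked" -eq 0 ] && [ "$misses" -ge "$MISS_LIMIT" ]; then
                if $LOCK_CMD >&2; then
                    locked=1
                    LOCK_COUNT=$((LOCK_COUNT + 1))
                fi
            fi
        fi
        sleep "$POLL_SECONDS"
    done
}

# Run as "sh cardwatch.sh run" (file name is hypothetical) to start polling.
if [ "${1:-}" = "run" ]; then
    watch_card
fi
```

Setting `MISS_LIMIT=2` tolerates a single failed probe from a flaky reader at the cost of one extra second before the lock.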