Smartcard PKI and PAM

Written on December 19, 2015

Since I have a “PKI”-branded smartcard, I decided to see how I could use it with a PKI. I went through a basic PKI tutorial but wasn’t sure how I would interface with the smartcard…

It turns out that openssl has this concept of engines, which is basically a way to use some cryptographic hardware with openssl. Through the trusty method of

  1. Try.
  2. Google.
  3. Try Again.
  4. Repeat.

I was able to come up with the right -key, -keyform, and -engine parameters to create a CSR and issue a certificate.
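How those three flags fit together for the CSR step, as an added example (these are not the author's original commands, which are not reproduced on this page). It assumes the libp11 `pkcs11` engine is registered with OpenSSL and that the key is addressed by an RFC 7512 PKCS#11 URI; the function names and the `DRY_RUN` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's commands. Assumes libp11's "pkcs11"
# engine is registered with OpenSSL. The key URI and subject used when
# calling these functions are values you supply; names are hypothetical.

# Accept only a private-key PKCS#11 URI (RFC 7512) with no embedded PIN:
# a pin-value in the URI would be visible in the process list.
check_key_uri() {
    case "$1" in
        *pin-value=*) echo "refusing key URI with embedded PIN" >&2; return 1 ;;
    esac
    case "$1" in
        pkcs11:*type=private*) return 0 ;;
        *) echo "expected a pkcs11:...;type=private URI" >&2; return 1 ;;
    esac
}

# $1 = key URI on the card, $2 = subject DN, $3 = CSR output file.
# With DRY_RUN set, print the command instead of touching the card.
make_csr() {
    check_key_uri "$1" || return 1
    csr_out=$3
    # -engine picks the hardware backend; -keyform engine tells openssl
    # that -key is a reference resolved by that engine, not a file path.
    set -- openssl req -new -sha256 \
        -engine pkcs11 -keyform engine -key "$1" \
        -subj "$2" -out "$csr_out"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
        return 0
    fi
    "$@" || return 1    # the engine prompts for the card PIN here
    # The CSR is self-signed by the card key; verifying needs no engine.
    openssl req -in "$csr_out" -noout -verify
}

# Stand-alone use: sh token-csr.sh '<key URI>' '<subject>' request.csr
if [ "$#" -eq 3 ]; then
    make_csr "$@"
fi
```

The private key never leaves the card: OpenSSL hands the signing operation to the engine, and the resulting CSR can be passed to the CA like any other request.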

I was also able to install a PAM module so that whenever I sudo, I am authenticated with my smartcard.

There is even a way to have the computer poll every second to make sure the smartcard is still in the computer. Depending on whether or not it is there, a command (such as xscreensaver -lock) can be executed.