Solaris Smart Cards Administration Guide

Additional Smart Card Administration Tasks

How to Verify a PIN for a Smart Card (Command Line)

This procedure is appropriate for all cards supported by Solaris Smart Cards.

  1. Insert the smart card into the card reader.

  2. Verify the PIN for the smart card.


    # smartcard -c init -A A000000062030400 -P 'PIN_number'

    where PIN_number represents the PIN set for the card.

    For an invalid PIN, an Invalid PIN message is displayed. A valid PIN results in no output.

How to Create a Private Key on a Smart Card (Command Line)

This procedure is appropriate for the Java-based iButton and Cyberflex smart cards. You cannot store a private key on the Payflex card.

To use this feature, you must have a public-key infrastructure (PKI) set up at your site.

  1. Create a public/private-key pair for the user using the appropriate commands for your PKI.

  2. Export the private-key part of the key pair into a separate file.

    Record the fully qualified path name of the file because you have to specify it later when setting up the private-key property.

  3. Become superuser on the system used for initializing smart cards.

  4. Insert a smart card into the card reader.

  5. Change to the Java security directory.


    # cd /usr/java1.2/jre/lib/security
    
  6. Edit the java.security file.

  7. Locate the security.provider definition in the file.


    # This is the "master security properties file".
    #
    .
    .
    # Each provider must implement a subclass of the Provider class.
    # To register a provider in this master security properties file,
    # specify the Provider subclass name and priority in the format
    #
    security.provider.<n>=<className>

  8. Ensure that there is a comment sign (#) in front of this line.


    #    security.provider.<n>=<className>

  9. Add the following text:


    # Each provider must implement a subclass of the Provider class.
    # To register a provider in this master security properties file,
    # specify the Provider subclass name and priority in the format
    #
    #    security.provider.<n>=<className>
    security.provider.2=com.sun.ami.common.SunAMI
    
  10. Initialize the card by typing the following on one line:


    # smartcard -c init -A A000000062030400 -P 'PIN_number' privatekey=key_file_name
    

    PIN_number

    Represents the PIN assigned to the card. 

    key_file_name

    Is the full path name of the file containing the user's private key. 


    Note - The certificate property is not fully implemented by the SolarisAuthApplet.
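
The java.security edits in steps 7 through 9 can be checked before the card is initialized. The sh function below is an added example, not part of the original guide; its name, its return codes, and the sample file contents are constructed for illustration. It also flags a priority number that is used twice, because java.security is read as a properties file and a later entry replaces an earlier one with the same key.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the java.security edits
# from steps 7-9. Return codes are this example's own convention:
#   0 ok, 1 template line still active, 2 provider class not registered,
#   3 one priority number used twice, 4 file unreadable.
check_java_security() {
    file=$1
    class=${2:-com.sun.ami.common.SunAMI}   # class name from step 9
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 4; }
    awk -v want="$class" '
        /^[ \t]*[#!]/ { next }                       # skip comment lines
        /^[ \t]*security\.provider\./ {
            line = $0
            sub(/^[ \t]*security\.provider\./, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            n = substr(line, 1, eq - 1); cls = substr(line, eq + 1)
            gsub(/[ \t\r]/, "", n); gsub(/^[ \t]+|[ \t\r]+$/, "", cls)
            if (n !~ /^[0-9]+$/) { template = 1; next }  # e.g. the literal <n>
            if (n in seen) dup = dup " " n           # later line overrides earlier
            seen[n] = cls
        }
        END {
            for (n in seen) if (seen[n] == want) found = 1
            if (template)  { print "template line is not commented out"; exit 1 }
            if (dup != "") { print "priority number reused:" dup; exit 3 }
            if (!found)    { print want " is not registered"; exit 2 }
        }
    ' "$file" >&2
}

# Constructed sample that mirrors the file after step 9 (not a real system file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# This is the "master security properties file".
#    security.provider.<n>=<className>
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.ami.common.SunAMI
EOF
check_java_security "$sample" && echo "java.security: provider entries look consistent"
rm -f "$sample"
```

On a real system, pass the path of the edited file from step 5, for example `check_java_security /usr/java1.2/jre/lib/security/java.security`.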


Using a Smart Card on Multiple Systems

When you run the smartcard -c init command to initialize a user's smart card, you create a symmetric key on the system and on the smart card. ocfserv creates a file called /etc/smartcard/.keys that contains information about all secret keys configured on a system. If the user needs to access systems other than the system where the smart card was created, you need to export the /etc/smartcard/.keys file to all systems the user must access.

How to Export a System's Keys File (Command Line)

Use this procedure to export the /etc/smartcard/.keys file from the system where the card was created.

  1. Become superuser on the system where the card was created.

  2. Create a separate key file for this user, containing only the user's keys as shown in /etc/smartcard/.keys.

  3. Export the /etc/smartcard/.keys file:


    # smartcard -c admin -k challenge_response -E -o key_file_name
    

    key_file_name

    Is the file containing the user's symmetric key, either /etc/smartcard/.keys or another file specifically for that user.

How to Import a User's Keys File (Command Line)

Use this procedure to import the user's symmetric key onto a different system than the system where the user's card was created.

  1. Become superuser on a system other than the one where the user's card was created.

  2. Import the key file to the new system.


    # smartcard -c admin -k challenge_response -I -i key_file_name
    

    key_file_name

    Is either /etc/smartcard/.keys or another file that you created for the user.

  3. Repeat the first two steps on every system that the user must access through the smart card.