Home
Matthias edited this page May 30, 2013 · 15 revisions
- GnuPG Howto: http://www.gnupg.org/howtos/de/GPGMiniHowto-3.html
- GnuPG Smartcard Howto: http://www.gnupg.de/howtos/card-howto/en/ch03s03.html#id2521952
- Public key certificates: http://en.wikipedia.org/wiki/Public_key_certificate
- X.509 spec: http://www.itu.int/rec/T-REC-X.509-200811-I/en
- Python & Smartcards: http://ludovicrousseau.blogspot.de/2010/04/pcsc-sample-in-python.html
- Summary: http://wiki.python.org/moin/GnuPrivacyGuard
- pygpgme: https://launchpad.net/pygpgme
- python-gnupg: http://code.google.com/p/python-gnupg/
Login certificates are PKCS #12 formatted files containing a user's public certificate (public key + user identity) in X.509 format, bundled with the corresponding private key. If the user's public certificate is signed, the login cert may also contain the signer's public certificate. Login certs can be used by the user's web browser to authenticate the user automatically at login, without the user having to enter a password.
Both key and identity are verified in this process:
- server requests authentication
- browser sends public certificate
- server accepts the user, if the certificate itself is accepted or contains a signature from an accepted party, e.g. a CA
- server demands proof of private key ownership by sending a random "challenge" text
- browser proves private key ownership by signing the challenge with the private key and sending the signature to the server
- login successful
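The login steps listed above, replayed with the `openssl` command-line tool as an added example (not part of the original wiki page). The user names, the bundle password `demo`, the helper function names and the fingerprint comparison that stands in for the server's acceptance rule are assumptions made for the demo.

```shell
# Added example; user names, the password "demo" and file names are constructed.
P12_PASS=demo

make_login_cert() {   # $1 = directory, $2 = user; writes $1/$2.crt and $1/$2.p12
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
    # PKCS #12 bundle: X.509 certificate plus the matching private key
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -passout "pass:$P12_PASS" -out "$1/$2.p12"
    rm "$1/$2.key"    # the private key now exists only inside the bundle
}

unpack() {   # browser side: $1 = .p12; writes $1.crt (public) and $1.key (private)
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys -out "$1.crt" 2>/dev/null
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nocerts -nodes -out "$1.key" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

login() {   # $1 = cert the server accepts, $2 = cert the browser sends, $3 = browser's key
    # server: accept the certificate itself (no CA in this demo)
    [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ] || return 1
    w=$(mktemp -d)
    openssl rand -hex 32 > "$w/challenge"                          # server: random challenge
    openssl dgst -sha256 -sign "$3" -out "$w/sig" "$w/challenge"   # browser: sign it
    # server: check the signature with the public key from the presented certificate
    openssl x509 -in "$2" -noout -pubkey > "$w/pub.pem"
    openssl dgst -sha256 -verify "$w/pub.pem" -signature "$w/sig" "$w/challenge" >/dev/null 2>&1
    rc=$?
    rm -rf "$w"
    return $rc
}

d=$(mktemp -d)
for u in alice mallory; do make_login_cert "$d" "$u"; unpack "$d/$u.p12"; done
login "$d/alice.crt" "$d/alice.p12.crt" "$d/alice.p12.key" && echo "alice: login successful"
login "$d/alice.crt" "$d/alice.p12.crt" "$d/mallory.p12.key" || echo "alice's cert, wrong key: rejected"
login "$d/alice.crt" "$d/mallory.p12.crt" "$d/mallory.p12.key" || echo "unknown cert: rejected"
```

The second call shows why the challenge step matters: the public certificate alone is not enough to log in, because the signature must come from the matching private key.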
- http://packages.python.org/pyOpenSSL/
- PKCS #12 certificates: http://packages.python.org/pyOpenSSL/openssl-pkcs12.html
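```sh
# Create the account together with its home directory
useradd floriananonymous --comment "Florian Anonymous" --home /home/floriananonymous --create-home
# Create the user's .ssh directory
mkdir -p /home/floriananonymous/.ssh
# Generate an SSH key pair with an empty passphrase (-P "")
ssh-keygen -f /home/floriananonymous/.ssh/id_rsa -P ""
```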