Philippe wrote:
> Hi,
>
> I would like to increase security around the small PKI I have set up
> with openssl by using a token to host the root private key.
>
> After some googling and searching on the mailing list, I am very
> interested in the eToken USB Pro 64K (RSA 2048 support).
>
> Any bad or good experience with this token in similar cases?
>
> One of my concerns is around the backup of the root private key to face
> token/key loss or token failure. Any best practice?
> My understanding is that the key must be generated outside in order to
> be backed up and then put on the token. Any idea on how to proceed to put
> the key on the token? (My searches were unsuccessful.)

Hi,

Yes, you have to generate the key pair outside. For example, a good idea
for backing up the key is to store it on some CD, flash disk, etc. To
import the cert/key to the token you can use pkcs15-init, which is the tool
from the OpenSC software package.

Here is the command to import a certificate and private key in PKCS#12
format into the token:

    pkcs15-init -S cert.p12 -f PKCS12 -a 01 -i 01 -l "My private Key" --cert-label "My Certificate"

You can find more info about importing a certificate into the token on this
web page:
http://www.opensc-project.org/opensc/
or you can simply run pkcs15-init --help.

I'm using an iKey3000, that's why I can't give you any experience with the
eToken.

Cheers,
Michal P.
_______________________________________________
opensc-user mailing list
opensc-user lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-user
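
The procedure from the reply above (generate the key pair off-token, keep a backup, import the PKCS#12 with pkcs15-init), as an added example that is not part of the original message. The CA subject, file names, directory layout and the P12_PASS environment variable are assumptions; only the pkcs15-init invocation is taken from the reply.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed/assumed names:
# the CA subject, root.key/root.crt, and the P12_PASS environment variable.
umask 077   # key material must never be group/world readable

# Generate an RSA 2048 root key and self-signed cert off-token, then wrap both
# in a passphrase-protected PKCS#12 file that doubles as the backup copy.
make_root_p12() {   # $1 = working dir (ideally on an offline machine)
    dir=$1
    mkdir -p "$dir" || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/root.key" 2>/dev/null || return 1
    openssl req -x509 -new -key "$dir/root.key" -days 3650 \
        -subj "/CN=Constructed Example Root CA" -out "$dir/root.crt" || return 1
    # Passphrase is read from the environment so it never appears in argv.
    openssl pkcs12 -export -inkey "$dir/root.key" -in "$dir/root.crt" \
        -name "My private Key" -passout env:P12_PASS -out "$dir/cert.p12" || return 1
    # The plaintext key is not needed once the encrypted bundle exists.
    rm -f "$dir/root.key"
}

# Check the backup is restorable before trusting it: the private key inside
# the PKCS#12 must yield the same public key as the bundled certificate.
verify_p12() {   # $1 = path to .p12; returns 0 only if key and cert match
    from_key=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
    from_crt=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys \
        2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Import using the command given in the reply.
import_to_token() {   # $1 = path to .p12
    pkcs15-init -S "$1" -f PKCS12 -a 01 -i 01 -l "My private Key" \
        --cert-label "My Certificate"
}

# Full procedure when invoked as: P12_PASS=... sh script.sh run <dir>
if [ "${1:-}" = "run" ]; then
    make_root_p12 "$2" && verify_p12 "$2/cert.p12" && import_to_token "$2/cert.p12"
fi
```

Copy cert.p12 to the offline backup media only after verify_p12 succeeds, and store the passphrase separately from the media.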