Re: [Fed-Talk] Sign arbitrary data using PIV private key?
- Subject: Re: [Fed-Talk] Sign arbitrary data using PIV private key?
- From: "Reese, Brian, CTR, Fort Meade-IRM" <email@hidden>
- Date: Thu, 08 Sep 2011 13:03:58 +0000
- Thread-topic: [Fed-Talk] Sign arbitrary data using PIV private key?

While I've never tried to encrypt arbitrary data using the security
command line tool, the security command should be able to use the private
key on your card without exporting it (I'm not even sure if exporting it
is possible). Smart cards show up as a dynamic keychain to the command
line tool. You can use the "find-identity" command with the security tool
to verify that it finds the public/private key pair on the card.

On 9/8/11 8:36 AM, "Robert Jacobson" <email@hidden> wrote:
>
>I'd like to be able to sign (and encrypt) arbitrary data using the key
>on my NASA PIV card.
>
>Is this possible using the built-in software somehow? I was looking at
>the command-line tool "security"; it seems I might be able to export the
>key from the card (and I suppose use 'openssl' from there?) However,
>that doesn't seem like the most secure option -- I'd like to leave the
>key on the card where it belongs, if possible.
>
>My objective here is to create a signed file/digest that can be verified
>on a remote client using my public key and the command-line openssl
>client.
>
>--
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Robert Jacobson
>Lead System Admin Solar Dynamics Observatory (SDO)
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden