formatting of blocks
This commit is contained in:
@@ -17,45 +17,57 @@ Steps
|
|||||||
|
|
||||||
1. Import the key and cert, do one of the below:
|
1. Import the key and cert, do one of the below:
|
||||||
a. Import the key and cert (PEM format) in slot 9a:
|
a. Import the key and cert (PEM format) in slot 9a:
|
||||||
|
+
|
||||||
|
----
|
||||||
$ yubico-piv-tool -s 9a -a import-key -i key.pem
|
$ yubico-piv-tool -s 9a -a import-key -i key.pem
|
||||||
$ yubico-piv-tool -s 9a -a import-certificate -i cert.pem
|
$ yubico-piv-tool -s 9a -a import-certificate -i cert.pem
|
||||||
|
----
|
||||||
|
|
||||||
b. Import the key and cert (PKCS12 format) in slot 9a:
|
b. Import the key and cert (PKCS12 format) in slot 9a:
|
||||||
|
+
|
||||||
|
----
|
||||||
$ yubico-piv-tool -s 9a -a import-key -a import-cert -i key.p12 -K PKCS12
|
$ yubico-piv-tool -s 9a -a import-key -a import-cert -i key.p12 -K PKCS12
|
||||||
|
----
|
||||||
|
|
||||||
2. Create a java pkcs11 configuration file:
|
2. Create a java pkcs11 configuration file:
|
||||||
|
+
|
||||||
|
----
|
||||||
cat > /tmp/pkcs11_java.cfg
|
cat > /tmp/pkcs11_java.cfg
|
||||||
name = OpenSC-PKCS11
|
name = OpenSC-PKCS11
|
||||||
description = SunPKCS11 via OpenSC
|
description = SunPKCS11 via OpenSC
|
||||||
library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
|
library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
|
||||||
slotListIndex = 1
|
slotListIndex = 1
|
||||||
|
----
|
||||||
|
|
||||||
3. Check that keytool can see the key:
|
3. Check that keytool can see the key:
|
||||||
|
+
|
||||||
|
----
|
||||||
$ keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \
|
$ keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \
|
||||||
-keystore NONE -storetype PKCS11 -list
|
-keystore NONE -storetype PKCS11 -list
|
||||||
Enter keystore password:
|
Enter keystore password:
|
||||||
+
|
|
||||||
Keystore type: PKCS11
|
Keystore type: PKCS11
|
||||||
Keystore provider: SunPKCS11-OpenSC-PKCS11
|
Keystore provider: SunPKCS11-OpenSC-PKCS11
|
||||||
+
|
|
||||||
Your keystore contains 1 entry
|
Your keystore contains 1 entry
|
||||||
+
|
|
||||||
Certificate for PIV Authentication, PrivateKeyEntry,
|
Certificate for PIV Authentication, PrivateKeyEntry,
|
||||||
Certificate fingerprint (SHA1): 26:D7:CB:71:6D:42:3C:AB:58:69:E0:9D:F0:16:DF:84:7E:1C:5A:9A
|
Certificate fingerprint (SHA1): 26:D7:CB:71:6D:42:3C:AB:58:69:E0:9D:F0:16:DF:84:7E:1C:5A:9A
|
||||||
|
----
|
||||||
+
|
+
|
||||||
Password here is the PIN of the key (default 123456).
|
Password here is the PIN of the key (default 123456).
|
||||||
|
|
||||||
4. Sign the apk with jarsigner:
|
4. Sign the apk with jarsigner:
|
||||||
|
+
|
||||||
|
----
|
||||||
$ jarsigner -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \
|
$ jarsigner -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \
|
||||||
-keystore NONE -storetype PKCS11 app.apk "Certificate for PIV Authentication"
|
-keystore NONE -storetype PKCS11 app.apk "Certificate for PIV Authentication"
|
||||||
Enter Passphrase for keystore:
|
Enter Passphrase for keystore:
|
||||||
jar signed.
|
jar signed.
|
||||||
|
----
|
||||||
|
|
||||||
5. Verify the signature with jarsigner:
|
5. Verify the signature with jarsigner:
|
||||||
|
+
|
||||||
|
----
|
||||||
$ jarsigner -verify app.apk
|
$ jarsigner -verify app.apk
|
||||||
|
----
|
||||||
|
|||||||
Reference in New Issue
Block a user