formatting of blocks

This commit is contained in:
Klas Lindfors
2015-11-25 12:52:52 +01:00
parent e4a2b6c3de
commit 856cf03009
+21 -9
View File
@@ -17,45 +17,57 @@ Steps
1. Import the key and cert, do one of the below: 1. Import the key and cert, do one of the below:
a. Import the key and cert (PEM format) in slot 9a: a. Import the key and cert (PEM format) in slot 9a:
+
----
$ yubico-piv-tool -s 9a -a import-key -i key.pem $ yubico-piv-tool -s 9a -a import-key -i key.pem
$ yubico-piv-tool -s 9a -a import-certificate -i cert.pem $ yubico-piv-tool -s 9a -a import-certificate -i cert.pem
----
b. Import the key and cert (PKCS12 format) in slot 9a: b. Import the key and cert (PKCS12 format) in slot 9a:
+
----
$ yubico-piv-tool -s 9a -a import-key -a import-cert -i key.p12 -K PKCS12 $ yubico-piv-tool -s 9a -a import-key -a import-cert -i key.p12 -K PKCS12
----
2. Create a java pkcs11 configuration file: 2. Create a java pkcs11 configuration file:
+
----
cat > /tmp/pkcs11_java.cfg cat > /tmp/pkcs11_java.cfg
name = OpenSC-PKCS11 name = OpenSC-PKCS11
description = SunPKCS11 via OpenSC description = SunPKCS11 via OpenSC
library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
slotListIndex = 1 slotListIndex = 1
----
3. Check that keytool can see the key: 3. Check that keytool can see the key:
+
----
$ keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \ $ keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \
-keystore NONE -storetype PKCS11 -list -keystore NONE -storetype PKCS11 -list
Enter keystore password: Enter keystore password:
+
Keystore type: PKCS11 Keystore type: PKCS11
Keystore provider: SunPKCS11-OpenSC-PKCS11 Keystore provider: SunPKCS11-OpenSC-PKCS11
+
Your keystore contains 1 entry Your keystore contains 1 entry
+
Certificate for PIV Authentication, PrivateKeyEntry, Certificate for PIV Authentication, PrivateKeyEntry,
Certificate fingerprint (SHA1): 26:D7:CB:71:6D:42:3C:AB:58:69:E0:9D:F0:16:DF:84:7E:1C:5A:9A Certificate fingerprint (SHA1): 26:D7:CB:71:6D:42:3C:AB:58:69:E0:9D:F0:16:DF:84:7E:1C:5A:9A
----
+ +
Password here is the PIN of the key (default 123456). Password here is the PIN of the key (default 123456).
4. Sign the apk with jarsigner: 4. Sign the apk with jarsigner:
+
----
$ jarsigner -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \ $ jarsigner -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /tmp/pkcs11_java.cfg \
-keystore NONE -storetype PKCS11 app.apk "Certificate for PIV Authentication" -keystore NONE -storetype PKCS11 app.apk "Certificate for PIV Authentication"
Enter Passphrase for keystore: Enter Passphrase for keystore:
jar signed. jar signed.
----
5. Verify the signature with jarsigner: 5. Verify the signature with jarsigner:
+
----
$ jarsigner -verify app.apk $ jarsigner -verify app.apk
----