Open skrati opened 1 year ago
What does MFP stand for?
On Wed, Sep 6, 2023 at 19:07 skrati @.***> wrote:
Hi,
I am new to Smart Card Programming, We are using CAC/PIV card for authentication on MFP. Can someone please suggest which library can be used for S/MIME operation on MFP. Private key from card cannot be taken out , so there should be some interface which digitally sign (S/MIME) the email using private key inside the card.
I know below openssl command can be used for signing:
openssl smime -sign -in encrypted_email.txt -out signed_email.txt -signer sender_cert.pem -inkey sender_key.pem
But we cannot take private key out of card. So looking for thirdparty lib which can support this.
I am not able to find anything on internet. Tried reading about openSC and 90meter lib but no such information is given.
Thank you
— Reply to this email directly, view it on GitHub https://github.com/AF-VCD/Mrs-SMIME/issues/6, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB53AMTO6IZJ7Z7DOLONEETXZFJAXANCNFSM6AAAAAA4OJ2V2Y . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Multi Functional Printers Sorry missed to mentioned that
It’s going to be very printer specific, do you have some kind of remote ssh access into the printer or something? What printer and what OS?
On Wed, Sep 6, 2023 at 19:10 skrati @.***> wrote:
Multi Functional Printers Sorry missed to mentioned that
— Reply to this email directly, view it on GitHub https://github.com/AF-VCD/Mrs-SMIME/issues/6#issuecomment-1709484579, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB53AMXZTVPYUDA43D32SMDXZFJNRANCNFSM6AAAAAA4OJ2V2Y . You are receiving this because you commented.Message ID: @.***>
We do have remote ssh access into the printer and linux is OS. Actually we have already implemented CAC/PIV card reader functionality using 90meter(middleware) and PKCS#11 module. Now we want to implement for SMIME. And on internet its written PKCS#11 provide support for smart card but nothing is written about SMIME functionality.
OpenSSL also has S/MIME encrypt and decrypt functionality, and you can combine that with a pkcs11 module. I have a write-up I did a while back that goes over what I did to get it work on Ubuntu. https://xoid.net/2019/07/22/smartcard-with-opensc-and-openssl.html
Thank you for sharing the information. I read it and wanted to ask - That since there are multiple certificates in card, and for signing if we want to use only digital signature certificate how we will get to know that certificate id ? In your link its mentioned --- "Luckily, the smartcard only had three keys, and after some guesswork, I determined that I needed to use the 3rd key. This is what I put into the -inkey parameter."
Yeah I think you can use the pkcs11-tool command line tool to output all the certificates on the smart card, and then use sed/grep/awk to help you figure out which one you should be using. Sorry don’t know the specifics though.
On Wed, Sep 6, 2023 at 22:11 skrati @.***> wrote:
Thank you for sharing the information. I read it and wanted to ask - That since there are multiple certificates in card, and for signing if we want to use only digital signature certificate how we will get to know that certificate id ? In your link its mentioned --- "Luckily, the smartcard only had three keys, and after some guesswork, I determined that I needed to use the 3rd key. This is what I put into the -inkey parameter."
— Reply to this email directly, view it on GitHub https://github.com/AF-VCD/Mrs-SMIME/issues/6#issuecomment-1709677566, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB53AMVF4LDETHGPLSDIAATXZF6TZANCNFSM6AAAAAA4OJ2V2Y . You are receiving this because you commented.Message ID: @.***>
Hi,
I am new to Smart Card Programming, We are using CAC/PIV card for authentication on MFP. Can someone please suggest which library can be used for S/MIME operation on MFP. Private key from card cannot be taken out , so there should be some interface which digitally sign (S/MIME) the email using private key inside the card.
I know below openssl command can be used for signing:
openssl smime -sign -in encrypted_email.txt -out signed_email.txt -signer sender_cert.pem -inkey sender_key.pem
But we cannot take private key out of card. So looking for thirdparty lib which can support this.
I am not able to find anything on internet. Tried reading about openSC and 90meter lib but no such information is given.
Thank you