Using PuTTY with smart cards

First install the smart card bundle package. If you have a blank smart card, please create a key and put a certificate on it.

Test if the smart card works. A good test would be:

  • Run "pkcs15-tool.exe -c" to list all certificates
    pkcs15-tool -c
    X.509 Certificate [Certificate]
            Flags    : 2
            Authority: no
            Path     : 3F0050154545
            ID       : 45
    
  • Run "pkcs15-tool.exe -r 45" to download certificate 45 (replace 45 with the ID of your certificate).
    pkcs15-tool -r 45
    -----BEGIN CERTIFICATE-----
    MIIDijCCAnKgAwIBAgIBADANBgkqhkiG9w0BAQQFADA8MRwwGgYDVQQDExNBbmRy
    ZWFzIEplbGxpbmdoYXVzMRwwGgYJKoZIhvcNAQkBFg1hakBsZW9naWMuY29tMB4X
    DTA0MTAxMTA5MTUxM1oXDTA0MTExMDA5MTUxM1owPDEcMBoGA1UEAxMTQW5kcmVh
    cyBKZWxsaW5naGF1czEcMBoGCSqGSIb3DQEJARYNYWpAbGVvZ2ljLmNvbTCCASIw
    DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKx7/bfFu1MkmCTa8WiAe7U59lqq
    SKvosNbEw1k0JXklHYYaLAEnwYXHmCGxEawnPe3vAp3rzRHX7QIEoKDxqRrc8WEU
    /N/DCknGotLFHsyWibs/NKJQfHcTu6JCF1bT38Rbn8vWN7Huihf3houtn+YxkKHZ
    ...
    bGHBDDT7x/ph5z2NlGkwSlzHFZurU7F5uTM4sHWVFZ2TGUPctC7bRL78QG0UBrmE
    pH/e/t5+jOEB2xBj3bkpUjln2AMVIaeYeNBN6H9+ePRiS6362WQiGsU998I3zA==
    -----END CERTIFICATE-----
    
  • Run "pkcs11-tool.exe --login --test" to test your key.
    pkcs11-tool --login --test
    Please enter PIN: 
    C_SeedRandom() and C_GenerateRandom():
      seems to be OK
    Digests:
      all 4 digest functions seem to work
      MD5: OK
      SHA-1: OK
      RIPEMD160: OK
    Signatures (currently only RSA signatures)
      testing key 0 (Private Key) 
      all 4 signature functions seem to work
      testing signature mechanisms:
        RSA-X-509: OK
        RSA-PKCS: OK
        SHA1-RSA-PKCS: OK
        MD5-RSA-PKCS: OK
        RIPEMD160-RSA-PKCS: OK
    Verify (currently only for RSA):
      testing key 0 (Private Key)
        RSA-X-509: OK
        RSA-PKCS: OK
        SHA1-RSA-PKCS: OK
        MD5-RSA-PKCS: OK
        RIPEMD160-RSA-PKCS: OK
    Key unwrap (RSA)
      testing key 0 (Private Key)  -- can't be used to unwrap, skipping
    Decryption (RSA)
      testing key 0 (Private Key)  -- can't be used to decrypt, skipping
    Testing card detection
    Please press return to continue, x to exit: x
    Testing card detection using C_WaitForSlotEvent
    Please press return to continue, x to exit: x
    No errors
    

If these tests are successful, then PuTTY should work fine as well.
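
A preflight check over the `pkcs11-tool --login --test` transcript above, as an added example that is not part of the original page: it treats the "skipping" lines for unwrap and decrypt as informational, since SSH public-key authentication only needs a signing key. The function names are hypothetical, the sample is abridged from the transcript shown above, and treating any status other than OK as a failure is an assumption because the page shows no failing run.

```python
import re

# Abridged copy of the `pkcs11-tool --login --test` transcript shown above.
SAMPLE = """\
Please enter PIN:
Digests:
  SHA-1: OK
Signatures (currently only RSA signatures)
  testing key 0 (Private Key)
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
Verify (currently only for RSA):
  testing key 0 (Private Key)
    RSA-PKCS: OK
Decryption (RSA)
  testing key 0 (Private Key)  -- can't be used to decrypt, skipping
No errors
"""

def parse_test_output(text):
    """Collect 'MECHANISM: STATUS' lines under each unindented section header."""
    report = {"sections": {}, "skipped": [], "clean": False}
    section = None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line or line.startswith("Please "):   # blank lines and interactive prompts
            continue
        if line == "No errors":                      # final summary line, as shown on the page
            report["clean"] = True
        elif not line[0].isspace():                  # section header, e.g. "Verify (currently ...):"
            section = re.sub(r"\s*[:(].*$", "", line)
            report["sections"].setdefault(section, {})
        elif section and (m := re.match(r"\s+([A-Za-z0-9-]+): (\S.*)$", line)):
            report["sections"][section][m.group(1)] = m.group(2)
        elif section and line.endswith("skipping"):  # key lacks this usage; not an error
            report["skipped"].append(section)
    return report

def ready_for_ssh_auth(report):
    """Return (ok, failures). Assumption: one working RSA signature mechanism is enough."""
    failures = [f"{sec}/{mech}: {status}"
                for sec, mechs in report["sections"].items()
                for mech, status in mechs.items() if status != "OK"]
    signing = report["sections"].get("Signatures", {})
    ok = report["clean"] and not failures and "OK" in signing.values()
    return ok, failures

if __name__ == "__main__":
    print(ready_for_ssh_auth(parse_test_output(SAMPLE)))
```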

Open PuTTY and, in the connection window, check the pkcs11 box and enter "opensc-pkcs11.dll" as the pkcs11 library (that file is in the installation directory of the smart card bundle).

http://www.opensc-project.org/scb/attachment/wiki/PuttySmartcard/putty.jpg?format=raw

Then connect to some host as usual.

FIXME

  • does putty require certificates, too?
  • how to download the key in ssh v1 / v2 format?
  • any way to store putty keys on a card?
