Using PuTTY with smart cards
First install the smart card bundle package. If you have a blank smart card, please create a key and put a certificate on it.
Test if the smart card works. A good test would be:
- Run "pkcs15-tool.exe -c" to list all certificates
    pkcs15-tool -c
    X.509 Certificate [Certificate]
        Flags : 2
        Authority: no
        Path : 3F0050154545
        ID : 45
- Run "pkcs15-tool.exe -r 45" to download certificate 45 (replace 45 with the ID of your certificate).
    pkcs15-tool -r 45
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
- Run "pkcs11-tool.exe --login --test" to test your key.
    pkcs11-tool --login --test
    Please enter PIN:
    C_SeedRandom() and C_GenerateRandom():
      seems to be OK
    Digests:
      all 4 digest functions seem to work
      MD5: OK
      SHA-1: OK
      RIPEMD160: OK
    Signatures (currently only RSA signatures)
      testing key 0 (Private Key)
      all 4 signature functions seem to work
      testing signature mechanisms:
        RSA-X-509: OK
        RSA-PKCS: OK
        SHA1-RSA-PKCS: OK
        MD5-RSA-PKCS: OK
        RIPEMD160-RSA-PKCS: OK
    Verify (currently only for RSA):
      testing key 0 (Private Key)
        RSA-X-509: OK
        RSA-PKCS: OK
        SHA1-RSA-PKCS: OK
        MD5-RSA-PKCS: OK
        RIPEMD160-RSA-PKCS: OK
    Key unwrap (RSA)
      testing key 0 (Private Key) -- can't be used to unwrap, skipping
    Decryption (RSA)
      testing key 0 (Private Key) -- can't be used to decrypt, skipping
    Testing card detection
    Please press return to continue, x to exit: x
    Testing card detection using C_WaitForSlotEvent
    Please press return to continue, x to exit: x
    No errors
If these tests are successful, then PuTTY should work fine as well.
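To run these checks from a script instead of reading the output by eye, the following added example (not part of the original page or of OpenSC) parses the two tool outputs shown above. The sample text is abridged from this page with line breaks restored, so the exact line layout is an assumption, and the function names are hypothetical.

```python
import re

# Sample output abridged from this page, line breaks restored (layout assumed).
CERT_LIST = """X.509 Certificate [Certificate]
  Flags : 2
  Authority: no
  Path : 3F0050154545
  ID : 45
"""
SELFTEST = """Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
Signatures (currently only RSA signatures)
  testing key 0 (Private Key)
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
Key unwrap (RSA)
  testing key 0 (Private Key) -- can't be used to unwrap, skipping
Decryption (RSA)
  testing key 0 (Private Key) -- can't be used to decrypt, skipping
No errors
"""
SECTION = re.compile(r"(Digests|Signatures|Verify|Key unwrap|Decryption)\b")
RESULT = re.compile(r"([A-Z0-9-]+): (\S.*)$")  # e.g. "RSA-PKCS: OK"

def certificate_ids(text):
    """Return the ID field of every certificate listed by `pkcs15-tool -c`."""
    return [m.group(1) for line in text.splitlines()
            if (m := re.match(r"\s*ID\s*:\s*(\S+)", line))]

def check_selftest(text):
    """Summarise `pkcs11-tool --login --test` output: failures and skips."""
    section, failed, skipped = None, [], []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for line in lines:
        header, result = SECTION.match(line), RESULT.match(line)
        if header:
            section = header.group(1)          # remember which test group we are in
        elif result and result.group(2) != "OK":
            failed.append((section, result.group(1)))
        elif line.endswith("skipping"):
            skipped.append(section)            # key not usable for this operation
    # Only the exact final line shown on the page counts as a pass, so
    # truncated or unexpected output is treated as a failure.
    ok = bool(lines) and lines[-1] == "No errors" and not failed
    return {"ok": ok, "failed": failed, "skipped": skipped}

if __name__ == "__main__":
    print(certificate_ids(CERT_LIST))
    print(check_selftest(SELFTEST))
```

The skipped groups in the summary are the key unwrap and decryption tests that the page's output reports as not applicable to this key; the signature tests are the ones that must pass.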
Open PuTTY and, in the connection window, check the pkcs11 box and enter "opensc-pkcs11.dll" as the pkcs11 library (that file is in the installation directory of the smart card bundle).
http://www.opensc-project.org/scb/attachment/wiki/PuttySmartcard/putty.jpg?format=raw
Then connect to some host as usual.
FIXME
- Does PuTTY require certificates, too?
- How to download the key in SSH v1 / v2 format?
- Any way to store PuTTY keys on a card?
