Post on 28-Mar-2015
Vor
lesu
ng M
icro
com
pute
rtec
hnik
MicrocomputertechnikVorlesung
Ergänzungen
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
Programmierhinweise
Headerfile(s) Link Library
Ressource Manager API
winscard.h
(Rückgabewerte sind in scarderr.h definiert)
winscard.dll
MKT / CT-API -
(eventuell selbst zu erstellen)
herstellerspezifisch
(ctdeutin.DLL für OMNIKEY Leser)
Crypto API wincrypt.h advapi32.dll
(Utimaco Universal Smartcard CSP)
PKCS#11 pkcs11.h
(pkcs11t.h + pkcs11f.h)
herstellerspezifisch
(pkcs201n.dll für Utimaco PKCS#11)
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
Nützliche Links PC/SC Standard
http://www.pcscworkgroup.com/ API Spezifikation: http://msdn.microsoft.com/library/
Security / Security (General) / SDK Documentation / Authentication / Authentication Reference / Authentication Functions (Smart Card Functions)
Funktionen beginnen mit SCard
MKT / CT-API http://www.darmstadt.gmd.de/~eckstein/CT/mkt.html#SPEK
Crypto API: http://msdn.microsoft.com/library/ Allgemeine Beschreibung:
Security / Cryptography / Cryptographic API Funktionen:
Security / Security (General) / SDK Documentation / Cryptography / Cryptography Reference / Cryptography Functions
PKCS#11 http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/index.html
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
Using PKCS#11 with Netscape
How to install a new PKCS#11 module How to inspect a library How to retrieve a certificate with an Internet PKI How to inspect and verify a certificate How to sign and decrypt e-mails
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to install a PKCS#11 Module (1/2)
Press “Security”
Select “Cryptographic Modules”
get a list of installed modules
To install a module, press the “Add” button
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to install a PKCS#11 Module (2/2)
The “Create a New Security Module” dialog is shown
Specify a module name Enter the path and file name
of the PKCS#11 DLL(sorry, there is no file select button)
Press the “OK” button Notice: It works only if the
path is set to the path where the DLL is located
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to inspect a Library (1/3)
Select “Cryptographic Modules”
get a list of installed modules
Select one module in the list
To inspect a module, press the “View/Edit” button
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to inspect a Library (2/3)
The “Edit Security Module” dialog is shown
Select one of the slots in the list box to continue
Press “More Info…” to get information about the token
Press “Config” to see supported mechanisms and configure the slot
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to inspect a Library (3/3)
Token / Slot information Configure Slot
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to retrieve a Certificate (1/2)
Get to VeriSign or GlobalSign web page VeriSign
(http://www.verisign.com/client/enrollment/index.html)
GlobalSign (http://secure.globalsign.net/en/index.cfm)
Follow the instructions they give you
Don‘t forget to select the device where you want to store the certificate
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to retrieve a Certificate (2/2)
Don‘t forget: The e-mail
address must correspond to this one in the preferences of Netscape Communicator
After having received the certificate click on „Messenger“ button of the security page
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to inspect and verify a Certificate (1/2)
Select „Certificate – Yours“
get a list of available certificates
Select one certificate
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to inspect and verify a Certificate (2/2)
Press „View“ to inspect a certificate
Press „Verify“ to verify a certificate
T
hom
as H
üttn
er,
Kar
in M
ayr
Vor
lesu
ng M
icro
com
pute
rtec
hnik
How to sign and decrypt e-mails
Choose the tab sheet „Message Sending Options“ Enable “Encrypted” and / or “Signed”
Notice: To encrypt a mail you need the receiver’s certificate Press the “Security” button and choose “Certificates – People” to see if you have one
Click on the “Send” button and present the PIN, when asked