68 lines
896 B
Markdown
68 lines
896 B
Markdown
# Yubikey PIV PKCS#11
|
|
|
|
> This project is forked form: https://github.com/google/native-pkcs11
|
|
|
|
|
|
<br>
|
|
|
|
## OpenSC pkcs11-tool
|
|
|
|
Alias:
|
|
|
|
```shell
|
|
alias p11='pkcs11-tool --module /FULLPATH/libyubikey_piv_pkcs11.dylib'
|
|
```
|
|
|
|
List certificates:
|
|
|
|
```shell
|
|
p11 --list-object --type cert
|
|
```
|
|
|
|
## OpenSSH
|
|
|
|
Alias:
|
|
|
|
```shell
|
|
alias sshp11='ssh -I /FULLPATH/libyubikey_piv_pkcs11.dylib'
|
|
```
|
|
|
|
SSH server:
|
|
|
|
```shell
|
|
sshp11 root@example.com
|
|
```
|
|
|
|
## Configuration
|
|
|
|
### Turn on retired slots
|
|
|
|
Default retired slots are disabled, turn on:
|
|
|
|
```shell
|
|
export ENABLE_RETIRED=1
|
|
```
|
|
|
|
### Slot filter
|
|
|
|
```shell
|
|
export SLOT_FILTER=9a,83
|
|
```
|
|
|
|
### Pin entry
|
|
|
|
Default pin entry command:
|
|
|
|
```
|
|
/usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
|
|
```
|
|
|
|
Set pin entry command by env:
|
|
|
|
```shell
|
|
export PIN_ENTRY_CMD=pin-entry-command
|
|
```
|
|
|
|
or edit file `~/.pinentry.cmd`,
|
|
|
|
if no pin entry found, will use `pinentry`. |