5 554
muokkausta
Muutokset
Siirry navigaatioon
Siirry hakuun
== Älykortit ==
Varmenteen luku älykortilta.
=== Varmenteiden listaus ===
<pre>
% pkcs15-tool -c
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
X.509 Certificate [todentamis- ja salausvarmenne]
Object Flags : [0x0]
Authority : no
Path : 3f004331
ID : 45
Access Rules : read:<always>;
Encoded serial : 02 04 3BA8D0D3
X.509 Certificate [allekirjoitusvarmenne]
Object Flags : [0x0]
Authority : no
Path : 3f0050164332
ID : 46
Access Rules : read:<always>;
Encoded serial : 02 04 3BA8D0D0
X.509 Certificate [VRK Gov. Root CA]
Object Flags : [0x0]
Authority : yes
Path : 3f004334
ID : 48
Access Rules : read:<always>;
Encoded serial : 02 03 0186A0
X.509 Certificate [VRK Gov. CA for Citizen Qualified Certificates]
Object Flags : [0x0]
Authority : yes
Path : 3f004333
ID : 47
Access Rules : read:<always>;
Encoded serial : 02 03 018899
</pre>
Varmenteet on numeroitu ID tunnisteella.
=== Avaimen luku ===
<pre>
$ % pkcs15-tool -r 45
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
-----BEGIN CERTIFICATE-----
MIIGGDCCBQCgAwIBAgIEO6jQ0zANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMC
RkkxEDAOBgNVBAgTB0ZpbmxhbmQxITAfBgNVBAoTGFZhZXN0b3Jla2lzdGVyaWtl
c2t1cyBDQTEkMCIGA1UECxMbVmFsdGlvbiBrYW5zYWxhaXN2YXJtZW50ZWV0MTcw
NQYDVQQDEy5WUksgR292LiBDQSBmb3IgQ2l0aXplbiBRdWFsaWZpZWQgQ2VydGlm
aWNhdGVzMB4XDTExMDQyOTA5MDUwMVoXDTE2MDQyODIxNTk1OVowYzELMAkGA1UE
BhMCRkkxEjAQBgNVBAUTCTEwMDAwMzUwWDENMAsGA1UEKhMESlVIQTEQMA4GA1UE
BBMHVFVPTUFMQTEfMB0GA1UEAxMWVFVPTUFMQSBKVUhBIDEwMDAwMzUwWDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/nA02UmL98mepeTkIgt/z7rsyN
RgAelBN9ZiBWk9m/IdVvqbbVpyRTJ02Yt7jRErZM0+vS5H8F7v6Qi3p9RN2H0wIY
PuAbw1GBWrLYAuOqVqcEw/EEnwv9nYANid4RZE+bowwNteRiEUxiPoRcR4Z2P4uX
Re+jibWi+9iwYNaRygPklInX6dRJHxFZDqft5N2LQQhhzYfAIVAMXjQSx9SF7nYf
ZQYAcIwO3jZ4qwoBj7Fp8l/LydLfJwF4+zdI7oIGNWhImqhnzhKPymudqDRyIKvr
AS7PAzJgOKupihZa0/mI7oYioCP+3MW/dWb5RtjzeYu9MYeg6tERy85JfE8CAwEA
AaOCApMwggKPMAwGA1UdEwEB/wQCMAAwgaEGA1UdIASBmTCBljCBkwYJKoF2hAUB
CgIBMIGFMFsGCCsGAQUFBwICME8aTVR1dHVzdHUgdmFybWVubmVwb2xpdGlpa2th
YW4gLSBzZSBjZXJ0aWZpa2F0IHBvbGljeSBodHRwOi8vd3d3LmZpbmVpZC5maS9j
cHMxMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmZpbmVpZC5maS9jcHMxLzBABggr
BgEFBQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly9wcm94eS5maW5laWQuZmkv
Y2EvdnJrY3FjLmNydDARBglghkgBhvhCAQEEBAMCBaAwHgYDVR0RBBcwFYETanVo
YS50dW9tYWxhQGlraS5maTAOBgNVHQ8BAf8EBAMCBLAwHwYDVR0jBBgwFoAUiFpv
HUJHgob91+kNslfPTVAoBBcwggEUBgNVHR8EggELMIIBBzAsoCqgKIYmaHR0cDov
L3Byb3h5LmZpbmVpZC5maS9jcmwvdnJrY3FjYy5jcmwwgdaggdOggdCGgc1sZGFw
Oi8vbGRhcC5maW5laWQuZmk6Mzg5L2NuJTNkVlJLJTIwR292LiUyMENBJTIwZm9y
JTIwQ2l0aXplbiUyMFF1YWxpZmllZCUyMENlcnRpZmljYXRlcyxvdSUzZFZhbHRp
b24lMjBrYW5zYWxhaXN2YXJtZW50ZWV0LG8lM2RWYWVzdG9yZWtpc3RlcmlrZXNr
dXMlMjBDQSxkbWROYW1lJTNkRklORUlELGMlM2RGST9jZXJ0aWZpY2F0ZVJldm9j
YXRpb25MaXN0MB0GA1UdDgQWBBTrpBk34icBaeKiLEjzSFSCEDR8DzANBgkqhkiG
9w0BAQUFAAOCAQEAQmmsPALeREmd0dZW9FF9uqai7bTyfmd3hX8cgmwSJmpP58cs
kaQMZ4DL9Uo3pO7AU3Io0JQeUc7JC40ecpxAecHqdUcbpKBZfxFfyQ5Evu/OMwGp
+ClDlpgdUnl0dRq96LhX/BE3+qgn3aMJJfqfNuPugsOfN81SlH2K+GChgf1xcqRc
SfSKRTecIv00GHjJzyRRJfMr60/XQwq8wr29yZXHB6s0lF64iv1m/p25F6QomyXi
1dsX/OJ7PodAN2BdTYGgmxl+JYxQlBD7Pj8fd2bgLktV65fs9/NEzaGGB+fLd5O+
naSLIrzqeBIOAom2m5It1LXCgfII6n9ZeIb6cQ==
-----END CERTIFICATE-----
</pre>
Tulosteen voi myös ohjata suodaan tiedostoon:
openssl -r 45 > juha.tuomala.vrk.pem
=== Avaimen tulostus ihmisen luettavaksi ===
<pre>
% pkcs15-tool -r 45| openssl x509 -text -noout
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1000919251 (0x3ba8d0d3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Valtion kansalaisvarmenteet, CN=VRK Gov. CA for Citizen Qualified Certificates
Validity
Not Before: Apr 29 09:05:01 2011 GMT
Not After : Apr 28 21:59:59 2016 GMT
Subject: C=FI/serialNumber=10000350X, GN=JUHA, SN=TUOMALA, CN=TUOMALA JUHA 10000350X
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:af:e7:03:4d:94:98:bf:7c:99:ea:5e:4e:42:20:
b7:fc:fb:ae:cc:8d:46:00:1e:94:13:7d:66:20:56:
93:d9:bf:21:d5:6f:a9:b6:d5:a7:24:53:27:4d:98:
b7:b8:d1:12:b6:4c:d3:eb:d2:e4:7f:05:ee:fe:90:
8b:7a:7d:44:dd:87:d3:02:18:3e:e0:1b:c3:51:81:
5a:b2:d8:02:e3:aa:56:a7:04:c3:f1:04:9f:0b:fd:
9d:80:0d:89:de:11:64:4f:9b:a3:0c:0d:b5:e4:62:
11:4c:62:3e:84:5c:47:86:76:3f:8b:97:45:ef:a3:
89:b5:a2:fb:d8:b0:60:d6:91:ca:03:e4:94:89:d7:
e9:d4:49:1f:11:59:0e:a7:ed:e4:dd:8b:41:08:61:
cd:87:c0:21:50:0c:5e:34:12:c7:d4:85:ee:76:1f:
65:06:00:70:8c:0e:de:36:78:ab:0a:01:8f:b1:69:
f2:5f:cb:c9:d2:df:27:01:78:fb:37:48:ee:82:06:
35:68:48:9a:a8:67:ce:12:8f:ca:6b:9d:a8:34:72:
20:ab:eb:01:2e:cf:03:32:60:38:ab:a9:8a:16:5a:
d3:f9:88:ee:86:22:a0:23:fe:dc:c5:bf:75:66:f9:
46:d8:f3:79:8b:bd:31:87:a0:ea:d1:11:cb:ce:49:
7c:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Certificate Policies:
Policy: 1.2.246.517.1.10.2.1
User Notice:
Explicit Text: Tutustu varmennepolitiikkaan - se certifikat policy http://www.fineid.fi/cps1
CPS: http://www.fineid.fi/cps1/
Authority Information Access:
CA Issuers - URI:http://proxy.fineid.fi/ca/vrkcqc.crt
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Subject Alternative Name:
email:juha.tuomala@iki.fi
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Authority Key Identifier:
keyid:88:5A:6F:1D:42:47:82:86:FD:D7:E9:0D:B2:57:CF:4D:50:28:04:17
X509v3 CRL Distribution Points:
Full Name:
URI:http://proxy.fineid.fi/crl/vrkcqcc.crl
Full Name:
URI:ldap://ldap.fineid.fi:389/cn%3dVRK%20Gov.%20CA%20for%20Citizen%20Qualified%20Certificates,ou%3dValtion%20kansalaisvarmenteet,o%3dVaestorekisterikeskus%20CA,dmdName%3dFINEID,c%3dFI?certificateRevocationList
X509v3 Subject Key Identifier:
EB:A4:19:37:E2:27:01:69:E2:A2:2C:48:F3:48:54:82:10:34:7C:0F
Signature Algorithm: sha1WithRSAEncryption
42:69:ac:3c:02:de:44:49:9d:d1:d6:56:f4:51:7d:ba:a6:a2:
ed:b4:f2:7e:67:77:85:7f:1c:82:6c:12:26:6a:4f:e7:c7:2c:
91:a4:0c:67:80:cb:f5:4a:37:a4:ee:c0:53:72:28:d0:94:1e:
51:ce:c9:0b:8d:1e:72:9c:40:79:c1:ea:75:47:1b:a4:a0:59:
7f:11:5f:c9:0e:44:be:ef:ce:33:01:a9:f8:29:43:96:98:1d:
52:79:74:75:1a:bd:e8:b8:57:fc:11:37:fa:a8:27:dd:a3:09:
25:fa:9f:36:e3:ee:82:c3:9f:37:cd:52:94:7d:8a:f8:60:a1:
81:fd:71:72:a4:5c:49:f4:8a:45:37:9c:22:fd:34:18:78:c9:
cf:24:51:25:f3:2b:eb:4f:d7:43:0a:bc:c2:bd:bd:c9:95:c7:
07:ab:34:94:5e:b8:8a:fd:66:fe:9d:b9:17:a4:28:9b:25:e2:
d5:db:17:fc:e2:7b:3e:87:40:37:60:5d:4d:81:a0:9b:19:7e:
25:8c:50:94:10:fb:3e:3f:1f:77:66:e0:2e:4b:55:eb:97:ec:
f7:f3:44:cd:a1:86:07:e7:cb:77:93:be:9d:a4:8b:22:bc:ea:
78:12:0e:02:89:b6:9b:92:2d:d4:b5:c2:81:f2:08:ea:7f:59:
78:86:fa:71
</pre>
Ak: Uusi sivu: == Älykortit == Varmenteen luku älykortilta. === Varmenteiden listaus === <pre> % pkcs15-tool -c Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00 X.509 Certif...
== Älykortit ==
Varmenteen luku älykortilta.
=== Varmenteiden listaus ===
<pre>
% pkcs15-tool -c
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
X.509 Certificate [todentamis- ja salausvarmenne]
Object Flags : [0x0]
Authority : no
Path : 3f004331
ID : 45
Access Rules : read:<always>;
Encoded serial : 02 04 3BA8D0D3
X.509 Certificate [allekirjoitusvarmenne]
Object Flags : [0x0]
Authority : no
Path : 3f0050164332
ID : 46
Access Rules : read:<always>;
Encoded serial : 02 04 3BA8D0D0
X.509 Certificate [VRK Gov. Root CA]
Object Flags : [0x0]
Authority : yes
Path : 3f004334
ID : 48
Access Rules : read:<always>;
Encoded serial : 02 03 0186A0
X.509 Certificate [VRK Gov. CA for Citizen Qualified Certificates]
Object Flags : [0x0]
Authority : yes
Path : 3f004333
ID : 47
Access Rules : read:<always>;
Encoded serial : 02 03 018899
</pre>
Varmenteet on numeroitu ID tunnisteella.
=== Avaimen luku ===
<pre>
$ % pkcs15-tool -r 45
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
-----BEGIN CERTIFICATE-----
MIIGGDCCBQCgAwIBAgIEO6jQ0zANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMC
RkkxEDAOBgNVBAgTB0ZpbmxhbmQxITAfBgNVBAoTGFZhZXN0b3Jla2lzdGVyaWtl
c2t1cyBDQTEkMCIGA1UECxMbVmFsdGlvbiBrYW5zYWxhaXN2YXJtZW50ZWV0MTcw
NQYDVQQDEy5WUksgR292LiBDQSBmb3IgQ2l0aXplbiBRdWFsaWZpZWQgQ2VydGlm
aWNhdGVzMB4XDTExMDQyOTA5MDUwMVoXDTE2MDQyODIxNTk1OVowYzELMAkGA1UE
BhMCRkkxEjAQBgNVBAUTCTEwMDAwMzUwWDENMAsGA1UEKhMESlVIQTEQMA4GA1UE
BBMHVFVPTUFMQTEfMB0GA1UEAxMWVFVPTUFMQSBKVUhBIDEwMDAwMzUwWDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/nA02UmL98mepeTkIgt/z7rsyN
RgAelBN9ZiBWk9m/IdVvqbbVpyRTJ02Yt7jRErZM0+vS5H8F7v6Qi3p9RN2H0wIY
PuAbw1GBWrLYAuOqVqcEw/EEnwv9nYANid4RZE+bowwNteRiEUxiPoRcR4Z2P4uX
Re+jibWi+9iwYNaRygPklInX6dRJHxFZDqft5N2LQQhhzYfAIVAMXjQSx9SF7nYf
ZQYAcIwO3jZ4qwoBj7Fp8l/LydLfJwF4+zdI7oIGNWhImqhnzhKPymudqDRyIKvr
AS7PAzJgOKupihZa0/mI7oYioCP+3MW/dWb5RtjzeYu9MYeg6tERy85JfE8CAwEA
AaOCApMwggKPMAwGA1UdEwEB/wQCMAAwgaEGA1UdIASBmTCBljCBkwYJKoF2hAUB
CgIBMIGFMFsGCCsGAQUFBwICME8aTVR1dHVzdHUgdmFybWVubmVwb2xpdGlpa2th
YW4gLSBzZSBjZXJ0aWZpa2F0IHBvbGljeSBodHRwOi8vd3d3LmZpbmVpZC5maS9j
cHMxMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmZpbmVpZC5maS9jcHMxLzBABggr
BgEFBQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly9wcm94eS5maW5laWQuZmkv
Y2EvdnJrY3FjLmNydDARBglghkgBhvhCAQEEBAMCBaAwHgYDVR0RBBcwFYETanVo
YS50dW9tYWxhQGlraS5maTAOBgNVHQ8BAf8EBAMCBLAwHwYDVR0jBBgwFoAUiFpv
HUJHgob91+kNslfPTVAoBBcwggEUBgNVHR8EggELMIIBBzAsoCqgKIYmaHR0cDov
L3Byb3h5LmZpbmVpZC5maS9jcmwvdnJrY3FjYy5jcmwwgdaggdOggdCGgc1sZGFw
Oi8vbGRhcC5maW5laWQuZmk6Mzg5L2NuJTNkVlJLJTIwR292LiUyMENBJTIwZm9y
JTIwQ2l0aXplbiUyMFF1YWxpZmllZCUyMENlcnRpZmljYXRlcyxvdSUzZFZhbHRp
b24lMjBrYW5zYWxhaXN2YXJtZW50ZWV0LG8lM2RWYWVzdG9yZWtpc3RlcmlrZXNr
dXMlMjBDQSxkbWROYW1lJTNkRklORUlELGMlM2RGST9jZXJ0aWZpY2F0ZVJldm9j
YXRpb25MaXN0MB0GA1UdDgQWBBTrpBk34icBaeKiLEjzSFSCEDR8DzANBgkqhkiG
9w0BAQUFAAOCAQEAQmmsPALeREmd0dZW9FF9uqai7bTyfmd3hX8cgmwSJmpP58cs
kaQMZ4DL9Uo3pO7AU3Io0JQeUc7JC40ecpxAecHqdUcbpKBZfxFfyQ5Evu/OMwGp
+ClDlpgdUnl0dRq96LhX/BE3+qgn3aMJJfqfNuPugsOfN81SlH2K+GChgf1xcqRc
SfSKRTecIv00GHjJzyRRJfMr60/XQwq8wr29yZXHB6s0lF64iv1m/p25F6QomyXi
1dsX/OJ7PodAN2BdTYGgmxl+JYxQlBD7Pj8fd2bgLktV65fs9/NEzaGGB+fLd5O+
naSLIrzqeBIOAom2m5It1LXCgfII6n9ZeIb6cQ==
-----END CERTIFICATE-----
</pre>
Tulosteen voi myös ohjata suodaan tiedostoon:
openssl -r 45 > juha.tuomala.vrk.pem
=== Avaimen tulostus ihmisen luettavaksi ===
<pre>
% pkcs15-tool -r 45| openssl x509 -text -noout
Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1000919251 (0x3ba8d0d3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Valtion kansalaisvarmenteet, CN=VRK Gov. CA for Citizen Qualified Certificates
Validity
Not Before: Apr 29 09:05:01 2011 GMT
Not After : Apr 28 21:59:59 2016 GMT
Subject: C=FI/serialNumber=10000350X, GN=JUHA, SN=TUOMALA, CN=TUOMALA JUHA 10000350X
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:af:e7:03:4d:94:98:bf:7c:99:ea:5e:4e:42:20:
b7:fc:fb:ae:cc:8d:46:00:1e:94:13:7d:66:20:56:
93:d9:bf:21:d5:6f:a9:b6:d5:a7:24:53:27:4d:98:
b7:b8:d1:12:b6:4c:d3:eb:d2:e4:7f:05:ee:fe:90:
8b:7a:7d:44:dd:87:d3:02:18:3e:e0:1b:c3:51:81:
5a:b2:d8:02:e3:aa:56:a7:04:c3:f1:04:9f:0b:fd:
9d:80:0d:89:de:11:64:4f:9b:a3:0c:0d:b5:e4:62:
11:4c:62:3e:84:5c:47:86:76:3f:8b:97:45:ef:a3:
89:b5:a2:fb:d8:b0:60:d6:91:ca:03:e4:94:89:d7:
e9:d4:49:1f:11:59:0e:a7:ed:e4:dd:8b:41:08:61:
cd:87:c0:21:50:0c:5e:34:12:c7:d4:85:ee:76:1f:
65:06:00:70:8c:0e:de:36:78:ab:0a:01:8f:b1:69:
f2:5f:cb:c9:d2:df:27:01:78:fb:37:48:ee:82:06:
35:68:48:9a:a8:67:ce:12:8f:ca:6b:9d:a8:34:72:
20:ab:eb:01:2e:cf:03:32:60:38:ab:a9:8a:16:5a:
d3:f9:88:ee:86:22:a0:23:fe:dc:c5:bf:75:66:f9:
46:d8:f3:79:8b:bd:31:87:a0:ea:d1:11:cb:ce:49:
7c:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Certificate Policies:
Policy: 1.2.246.517.1.10.2.1
User Notice:
Explicit Text: Tutustu varmennepolitiikkaan - se certifikat policy http://www.fineid.fi/cps1
CPS: http://www.fineid.fi/cps1/
Authority Information Access:
CA Issuers - URI:http://proxy.fineid.fi/ca/vrkcqc.crt
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Subject Alternative Name:
email:juha.tuomala@iki.fi
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
X509v3 Authority Key Identifier:
keyid:88:5A:6F:1D:42:47:82:86:FD:D7:E9:0D:B2:57:CF:4D:50:28:04:17
X509v3 CRL Distribution Points:
Full Name:
URI:http://proxy.fineid.fi/crl/vrkcqcc.crl
Full Name:
URI:ldap://ldap.fineid.fi:389/cn%3dVRK%20Gov.%20CA%20for%20Citizen%20Qualified%20Certificates,ou%3dValtion%20kansalaisvarmenteet,o%3dVaestorekisterikeskus%20CA,dmdName%3dFINEID,c%3dFI?certificateRevocationList
X509v3 Subject Key Identifier:
EB:A4:19:37:E2:27:01:69:E2:A2:2C:48:F3:48:54:82:10:34:7C:0F
Signature Algorithm: sha1WithRSAEncryption
42:69:ac:3c:02:de:44:49:9d:d1:d6:56:f4:51:7d:ba:a6:a2:
ed:b4:f2:7e:67:77:85:7f:1c:82:6c:12:26:6a:4f:e7:c7:2c:
91:a4:0c:67:80:cb:f5:4a:37:a4:ee:c0:53:72:28:d0:94:1e:
51:ce:c9:0b:8d:1e:72:9c:40:79:c1:ea:75:47:1b:a4:a0:59:
7f:11:5f:c9:0e:44:be:ef:ce:33:01:a9:f8:29:43:96:98:1d:
52:79:74:75:1a:bd:e8:b8:57:fc:11:37:fa:a8:27:dd:a3:09:
25:fa:9f:36:e3:ee:82:c3:9f:37:cd:52:94:7d:8a:f8:60:a1:
81:fd:71:72:a4:5c:49:f4:8a:45:37:9c:22:fd:34:18:78:c9:
cf:24:51:25:f3:2b:eb:4f:d7:43:0a:bc:c2:bd:bd:c9:95:c7:
07:ab:34:94:5e:b8:8a:fd:66:fe:9d:b9:17:a4:28:9b:25:e2:
d5:db:17:fc:e2:7b:3e:87:40:37:60:5d:4d:81:a0:9b:19:7e:
25:8c:50:94:10:fb:3e:3f:1f:77:66:e0:2e:4b:55:eb:97:ec:
f7:f3:44:cd:a1:86:07:e7:cb:77:93:be:9d:a4:8b:22:bc:ea:
78:12:0e:02:89:b6:9b:92:2d:d4:b5:c2:81:f2:08:ea:7f:59:
78:86:fa:71
</pre>
