PIV-tool in windows environment

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

PIV-tool in windows environment

Ravneet Singh Khalsa

Hello experts,

 

I am considering using PIV-tool for certificate enrollment for PIV cards for my company. I am following the instructions specified in the link http://www.opensc-project.org/opensc/wiki/PivTool. I have downloaded the opensc-i686-w64-mingw32-011-base build on my windows 7 client machine. The instructions on the above link looks like UNIX instructions. Can I get equivalent windows instructions ? I was able to generate public key using piv-tool, but I could not generate certificate request using SSL. Is there equivalent command for Windows specific environment ?

 

The command seems to be pointing to engine_pkcs11.so and opensc-pkcs11.so files. I couldn’t find these files anywhere.

 

Any help would be appreciated.

 

Thanks,

Ravneet

 

I am a programmer and I understand only programming languages.

 


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PIV-tool in windows environment

Peter Stuge-4
Ravneet Singh Khalsa wrote:
> Is there equivalent command for Windows specific environment ?
>
> The command seems to be pointing to engine_pkcs11.so and
> opensc-pkcs11.so files. I couldn't find these files anywhere.
..
> I am a programmer and I understand only programming languages.

It's good for programmers to know about systems too.

Look for the same files named .dll.


//Peter
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PIV-tool in windows environment

Douglas E. Engert
In reply to this post by Ravneet Singh Khalsa
First of all, the piv-tool was designed to be used for test cards only,
and only supports the commands from NIST 800-73-3, as each card vendor
may have additional commands and requirements, such as Global Platform
commands, or the need to finalize a card. NIST 800-73-3 does not provide
a way to write a private key to or from the card, thus there is no
standard way to escrow a key. That said, piv-tool does have a -s option
to allow other commands to be sent to the card, asnd can be used with the
vendor documentation.

You will need a lot more then piv-tool to do proper card management.
http://fips201ep.cio.gov/apl.php
has a list of approved products, including card management.


On 9/26/2012 7:07 PM, Ravneet Singh Khalsa wrote:
> Hello experts,
>
> I am considering using PIV-tool for certificate enrollment for PIV cards for my company. I am following the instructions specified in the link http://www.opensc-project.org/opensc/wiki/PivTool. I have
> downloaded the opensc-i686-w64-mingw32-011-base build on my windows 7 client machine. The instructions on the above link looks like UNIX instructions. Can I get equivalent windows instructions ? I was
> able to generate public key using piv-tool, but I could not generate certificate request using SSL. Is there equivalent command for Windows specific environment ?
>
> The command seems to be pointing to engine_pkcs11.so and opensc-pkcs11.so files. I couldn’t find these files anywhere.
>

As Peter saind look for the .dlls

I do have a set of scripts to manage test cards, but they are Unix.
I can send them, but they are not in top shape, and get changed as needed.


> Any help would be appreciated.
>
> Thanks,
>
> Ravneet
>
> I am a programmer and I understand only programming languages.



>
>
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel