Some users have been using the same OpenSSH RSA key for a long time and feel happy to keep them.
The pros: after transfer, copy your original certificates (id_rsa) to a laser disc and store it in a safe place. This is a very good way to enhance security and have a backup of your SSH keys.
The cons: not all OpenSSH formats are supported and it seems that the Feitian PKI is a little bit picky. DSA format is not supported. This solution is not considered perfectly secure. If your computer is compromised, the secret key may be compromised.
Reusing OpenSSH RSA keys
Before all, you should know that the Feitian PKI only accepts 1024bit or 2048bit RSA key. OpenSSH DSA keys are not accepted.
Save the OpenSSH private RSA key in PEM format:
$ openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
Transfer the key to to smartcard:
$ pkcs15-init --store-private-key id_rsa.pem --auth-id 01 --pin 0000
Bookmark/Search this post with
Blinklist
del.icio.us
Digg
Facebook
Favorite
Google
Google Buzz
Icerocket
LinkedIn
Newsvine
Propeller
Reddit
SlashDot
StumbleUpon
Technorati
Twitter
Yahoo
Printer-friendly version- 2485 reads
PDF version
