Reading SSH public key on card (client side)

Connect the smart card reader and insert a smart card.
If you are using a token, connect the USB key.

In the next paragraphs, '*' indicate that text was shortened for readability.

Query the available RSA keys:

$ pkcs15-tool --list-public-keys

Using reader with a card: OmniKey CardMan 4321 00 00
Public RSA Key [Public Key]
Com. Flags : 2
Usage : [0x4], sign
Access Flags: [0x0]
ModLength : 2048
Key ref : 0
Native : no
Path : 3f0050153000
Auth ID : 01
ID : 7645d913d5b4e03f3fe5*****f02324c23a7ebf

In our example, the public key ID is 7645d913d5b4e03f3fe5*****f02324c23a7ebf4.

Sometimes, there is no public key, only a private key. Try:

$ pkcs15-tool --list-keys

Using reader with a card: Feitian ePass2003 00 00
Private RSA Key [Private Key]
Object Flags : [0x3], private, modifiable
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0x0]
ModLength : 2048
Key ref : 0 (0x0)
Native : yes
Path : 3f0050152900
Auth ID : 01
ID : 7645d913d5b4e03f3fe5*****f02324c23a7ebf

Now extract the RSA key in SSH format:

$ pkcs15-tool --read-ssh-key 7645d913d5b4e03f3fe5*****f02324c23a7ebf4

Using reader with a card: OmniKey CardMan 4321 00 00
Please enter PIN [User PIN]:
2048 65537 258115708996235*****134757454178319
ssh-rsa AAAAB3NzaC*****ed0aZdx9FFu/w6l7P5KsndWgP

Notice the RSA public key in SSH format:

ssh-rsa AAAB3NzaC*****ed0aZdx9FFu/w6l7P5KsndWgP

Bookmark/Search this post with

Learn how to buy without VAT. Read our shipping policies. Validate your account using SMS to allow shipping small items at low price.

Feitian PKI: 12.90€

Buy the FEITIAN PKI card for only 12.90€. We ship to any European-Union country starting from 0.90 €. Learn more ...

Feitian ePass PKI token: 34.90€

Discover the best token for GNU/Linux, Mac OS X and Windows. Full support from OpenSC free software solutions, no proprietary driver needed.

PIN code security.
RSA keys up to 2048bit.
Standard X.509 v3 certificates.
On-board RSA DES 3DES SHA1.
Both PKCS#11 and MS-CAPI.
64K user space.
Compatible with: Iceweasel, Firefox, Evolution, Seahorse, OpenSSL, OpenSSH, PAM P11 and PAM PKCS11 authentication modules, Strongswan, Putty CAC, WinSCP, LoopAES, Truecrypt, etc...
Tested with online CAs like CaCert.org and StartSSL.

Buy the FEITIAN ePass PKI token for only 34.90€ ... 30 day satisfied or cash back.

Fast delivery
Order placed on GOOZE before 15:00 are shipped the same day. Orders placed after 15:00 are shipped next business day.

Apply for a free FEITIAN PKI card

GOOZE and FEITIAN are happy to donate 20 Feitian PKI cards to Free Software projects. If your project meets certain criteria, please apply for a free card.

Translating GOOZE

GOOZE is being translated into French. Thank you for your patience!

Reading SSH public key on card (client side)

Catalog

My account

Upcoming events

Feitian PKI: 12.90€

Feitian ePass PKI token: 34.90€

Apply for a free FEITIAN PKI card

Translating GOOZE