blog

Smart card notes

See:

x509

Server side:

Python:

sudo aptitude install pcscd libpcsclite1 pcsc-tools
sudo aptitude install openct opensc

Test your Token

opensc-tool -lv
openct-tool list
pcsc_scan

See also:

How can I distinguish a Nitrokey HSM 1 from a Nitrokey HSM 2?

FIXME Use

opensc-tool --list-algorithms

Tools

  • opensc-tool
  • pkcs11-tool
  • pkcs15-tool
  • pkcs15-init
  • cardos-tool

Install - Check - Drivers

pkcs11-tool --module opensc-pkcs11.so -L

OpenSSL

List the available slots.

pkcs11-tool --list-slots

FIXME

openssl req -engine pkcs11 -new -key slot_X-id_XXXX -keyform engine -x509 -out cert.pem -text

where X is the appropriate slot number and XXXX is the slot ID, e.g. “… -key slot_5-id_c6f280080fb0ed1ebff0480a01d00a98a1b3b89a …”

GPG

Reset to factory defaults: Make sure GnuPG agent is started, if not:

eval $(gpg-agent --daemon)

Send the reset commands:

gpg-connect-agent < file

Where “file” contains:

hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo Reset complete

Source https://blog.mozilla.org/security/2013/02/13/using-cryptostick-as-an-hsm/
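To see what the reset script actually sends to the card before running it, here is an added example (not from the original notes or the Mozilla post) that parses each `scd apdu` line as an ISO 7816 APDU, names the OpenPGP card command, and checks that the repeated VERIFY lines exceed the card's default retry counter, which is the precondition for TERMINATE DF / ACTIVATE FILE to wipe it. The script text is rebuilt inline so the example runs offline.

```python
# Added example (not from the original notes or the Mozilla post): decode the
# gpg-connect-agent reset script above into the OpenPGP card commands it sends.
INS_NAMES = {0x20: "VERIFY", 0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE"}
PIN_REFS = {0x81: "PW1 (user PIN)", 0x83: "PW3 (admin PIN)"}  # VERIFY P2 values
RETRY_COUNTER = 3  # OpenPGP card default; a PIN blocks after this many failures

# The script from the page, rebuilt here so the example runs offline.
RESET_SCRIPT = "hex\nscd serialno\n" + "".join(
    "scd apdu 00 20 00 %02x 08 40 40 40 40 40 40 40 40\n" % ref
    for ref in (0x81,) * 4 + (0x83,) * 4
) + "scd apdu 00 e6 00 00\nscd apdu 00 44 00 00\n/echo Reset complete\n"

def parse_apdu(hex_text):
    """Parse 'CLA INS P1 P2 [Lc data...]' hex into a dict; Lc must match the data."""
    raw = bytes.fromhex(hex_text)
    if len(raw) < 4:
        raise ValueError("APDU needs at least CLA INS P1 P2")
    data = raw[5:]
    if len(raw) > 4 and raw[4] != len(data):
        raise ValueError("Lc %d does not match %d data bytes" % (raw[4], len(data)))
    return {"cla": raw[0], "ins": raw[1], "p1": raw[2], "p2": raw[3], "data": data}

def describe(apdu):
    """Human-readable name for one parsed APDU."""
    name = INS_NAMES.get(apdu["ins"], "INS 0x%02X" % apdu["ins"])
    if apdu["ins"] != 0x20:
        return name
    ref = PIN_REFS.get(apdu["p2"], "ref 0x%02X" % apdu["p2"])
    return "%s %s, %d-byte value %s" % (name, ref, len(apdu["data"]), apdu["data"].hex())

def decode_script(text):
    """(line, description) pairs; lines that are not 'scd apdu' are agent commands."""
    return [(l, describe(parse_apdu(l[9:])) if l.startswith("scd apdu ") else "gpg-agent command")
            for l in text.splitlines()]

def blocked_pins(text):
    """PIN references whose VERIFY count exceeds the retry counter: the script
    blocks PW1 and PW3 on purpose so TERMINATE DF + ACTIVATE FILE can wipe the card."""
    counts = {}
    for line in text.splitlines():
        if line.startswith("scd apdu "):
            a = parse_apdu(line[9:])
            if a["ins"] == 0x20:
                counts[a["p2"]] = counts.get(a["p2"], 0) + 1
    return sorted(p for p, n in counts.items() if n > RETRY_COUNTER)
```

Running `decode_script(RESET_SCRIPT)` lists four VERIFY attempts against PW1 and four against PW3 followed by TERMINATE DF and ACTIVATE FILE, which is why every key and PIN on the card is gone afterwards.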

Other

data objects (DF, EF)

pkcs

The three keys on the card have these IDs: Signing key: 1, Decryption key: 2, Authentication key: 3.

Key generation via pkcs15-init

pkcs15-init --delete-objects privkey,pubkey --id 3 --generate-key rsa/2048 --auth-id 3 --verify

The keyspec consists of the key type (only RSA is supported) and optionally a slash followed by the key size in bits (defaults to 1024). E.g. to generate a 1024-bit RSA key, use pkcs15-init -G rsa/1024 -a 01 -l testkey

There is a limitation: pkcs15-init requires the new key length to be the same as the existing key's. To generate a key with a different length, openpgp-tool is recommended.

pkcs15-init also requires explicitly removing the existing key/object. That is why the command includes --delete-objects privkey,pubkey --id 3 (it has no effect on the CryptoStick, which does not support deleting keys but does support overwriting them).

Source : https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card

Other

pkcs15-tool --dump
pkcs15-init --delete-objects privkey,pubkey --id 3 --store-private-key myprivate.p12 --format pkcs12 --auth-id 3 --verify-pin
pkcs15-init --delete-objects privkey,pubkey --id 2 --store-private-key myprivate.p12 --format pkcs12 --auth-id 3 --verify-pin

The two commands copy the key/certificate pair to slot 2 (needed for decrypting emails) and slot 3 (needed for signing).

Other - Key pair generation for S/MIME

#set +o history
export HISTCONTROL=ignorespace
# the leading space keeps the command (and the PIN) out of the shell history
 pkcs11-tool --module opensc-pkcs11.so --login --pin 648219 --keypairgen --key-type rsa:2048 --id 40 --label "antispam@relst.nl"
2025/03/24 15:06

CalDAV / CardDAV notes: Radicale

See https://radicale.org/

#docker run -d --name radicale -p 5232:5232 --read-only -v ~/radicale/data:/data jean/radicale

#https://hub.docker.com/r/tomsquest/docker-radicale/

mkdir -p /radicale/{data,config}

#https://raw.githubusercontent.com/tomsquest/docker-radicale/master/config
cp config /radicale/config/config

# the image name must come last: anything after it is passed to the container, not to docker
docker run -d --name radicale \
    --restart unless-stopped \
    -p 5232:5232 \
    -v /radicale/data:/data \
    -v /radicale/config:/config:ro \
    tomsquest/docker-radicale

Err

# docker logs -f radicale2
[2023-11-02 21:54:35 +0000] [1/Thread-5614 (process_request_thread)] [WARNING] Bad PUT request on '/jean/834e22fd-c39b-b77b-c954-7508455970e9/Maison.org': At line 1: Failed to parse line: * Ranger papiers
192.168.1.12 - - [02/Nov/2023:22:54:35 +0100] "PUT /radicale/jean/834e22fd-c39b-b77b-c954-7508455970e9/Maison.org HTTP/1.1" 401 206 "-" "okhttp/4.10.0-RC1"
192.168.1.12 - jean [02/Nov/2023:22:54:35 +0100] "PUT /radicale/jean/834e22fd-c39b-b77b-c954-7508455970e9/Maison.org HTTP/1.1" 400 21 "-" "okhttp/4.10.0-RC1"
2025/03/24 15:06

bup notes

See notes_git_annex

Links:

apt-get install --no-install-recommends par2 bup python-fuse sshfs
mkdir -p /home/bup/system
export BUP_DIR=/home/bup/system
 
bup init
 
bup index /etc
bup save -n $(hostname -s)-etc /etc
 
bup fsck -g

Gitk

cd ${BUP_DIR:-~/.bup}
gitk --all

or

git branch -l
git for-each-ref
git log --oneline --graph --color --all --decorate
cd $HOME
GIT_DIR=~/.bup git log --all

Backing up a remote machine

Bup must be installed on the “backup” machine and on the machine to be backed up

The data will be stored here

mkdir $HOME/backup/serveur
export BUP_DIR=$HOME/backup/serveur

The .bup repository must exist on the remote machine. It will not contain the data, only the indexes

bup init -r portable1:.bup

Run the backup

bup on serveur index -vux /etc
bup on serveur save -n NOM /etc

Optional: build parity information. The backup grows in size, but in case of corruption the data is more likely to be recoverable

bup fsck -g

Restore

FUSE mount

export BUP_DIR=/home/bup/aaa
bup fuse ~/mnt/aaa/
cd /home/bup/mnt/aaa/svn-aaa/2019-03-04-233235

Web

sudo apt-get install python-tornado
export BUP_DIR=/home/bup/aaa
bup web 0.0.0.0:8080
curl http://repo-docker:8080/svn-aaa/latest/mnt/
2025/03/24 15:06

Bluetooth HCI / BlueZ notes

# lsusb |egrep -i bluetooth
Bus 002 Device 002: ID 1131:1001 Integrated System Solution Corp. KY-BT100 Bluetooth Adapter

# rfkill list
0: asus-wlan: Wireless LAN
	Soft blocked: no
	Hard blocked: no
1: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: no
2: hci0: Bluetooth
	Soft blocked: no
	Hard blocked: no

# hcitool dev
Devices:
	hci0	00:11:67:81:EC:EF
hciconfig -a
# bluetoothctl
[bluetooth]# devices 
Device C0:C9:76:C3:A7:92 SUNNY
hcitool inq
hcitool scan
2025/03/24 15:06

BIOS / UEFI / EFI notes

Prerequisites

The ESP partition for EFI machines will have a minimum size of 500 MiB instead of 200 MiB

Supported file systems include FAT32, FAT16 and FAT12 (but not exFAT or NTFS).

Firmware

efibootmgr

Default boot entry

Change Secure Boot state

https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS

sudo mokutil --disable-validation
sudo reboot

Select Change Secure Boot state

Am I booted in UEFI mode?

dmesg | grep -i EFI

Or

modprobe efivars
ls -la /sys/firmware/efi/efivars

Secure boot

# dmesg | grep secureboot
[    0.000000] secureboot: Secure boot enabled

Other

Files:

  • /sys/firmware/efi/vars
  • /sys/firmware/efi/efivars
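The same two checks (UEFI boot, Secure Boot state) can be done without dmesg by reading the efivars files listed above. The following is an added example, not from the original notes; it assumes the standard efivarfs layout of a 4-byte attribute header followed by the variable data, and the EFI_GLOBAL_VARIABLE GUID in the SecureBoot file name.

```python
# Added example (not from the original notes): detect UEFI boot and read the
# Secure Boot state from efivarfs rather than grepping dmesg.  An efivarfs
# file is 4 bytes of variable attributes followed by the variable data; for
# SecureBoot the data is one byte, 1 = enabled, 0 = disabled.
import os

EFI_DIR = "/sys/firmware/efi"
# EFI_GLOBAL_VARIABLE GUID, the suffix of the SecureBoot file name in efivarfs.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
SECUREBOOT_VAR = os.path.join(EFI_DIR, "efivars", "SecureBoot-" + EFI_GLOBAL_GUID)

def booted_uefi(efi_dir=EFI_DIR):
    """True when the kernel exposes the EFI directory, i.e. it booted via UEFI."""
    return os.path.isdir(efi_dir)

def parse_efivar(raw):
    """Split an efivarfs blob into (attributes, data)."""
    if len(raw) < 4:
        raise ValueError("efivar blob shorter than the 4-byte attribute header")
    return int.from_bytes(raw[:4], "little"), raw[4:]

def secureboot_state_from_bytes(raw):
    """'enabled', 'disabled' or 'unknown' for the raw content of the SecureBoot file."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        return "unknown"  # SecureBoot is defined as a single byte; anything else is suspect
    return {1: "enabled", 0: "disabled"}.get(data[0], "unknown")

def secureboot_state(path=SECUREBOOT_VAR):
    """Read the live variable; 'unknown' when absent (legacy BIOS, or efivarfs not mounted)."""
    try:
        with open(path, "rb") as f:
            return secureboot_state_from_bytes(f.read())
    except OSError:
        return "unknown"

if __name__ == "__main__":
    if booted_uefi():
        print("UEFI boot, Secure Boot:", secureboot_state())
    else:
        print("Legacy BIOS boot (no /sys/firmware/efi)")
```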
2025/03/24 15:06