On Tue, Sep 12, 2023 at 05:27:15PM +0100, Simon McVittie wrote:
> On Tue, 12 Sep 2023 at 10:52:16 -0400, Paul Tagliamonte wrote:
> > I have NSS set up to talk with OpenSC
>
> "NSS" is unfortunately ambiguous in this context. Is this the glibc Name
> Service Switch (the thing that for example libnss-systemd integrates
> with), or Mozilla's Netscape Security Services (libnss3), or some secret
> third thing also named NSS?

Ah, very sorry. libnss3. I usually use OpenSC in the following
configuration:

```
modutil -add "OpenSC" \
    -libfile /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so \
    -dbdir sql:$HOME/.pki/nssdb
```

However, when I went to confirm my notes[1] against my running system, I
found it to be in a different state (using onepin-opensc-pkcs11.so, which
is new to me):

| An aside:
|
| [1]: My notes are in the form of manpages for stuff I do infrequently but
|      want to remember. Here's a markdown of the yubikey manpage when I noodle
|      with using it in OpenSC mode, in case this is helpful for more
|      information: https://gist.github.com/paultag/2c35b62e85a032856c2cb97345c3d24d
|
|      That's from 2017, so the world has changed quite a bit, and some of it
|      is bad / outdated advice, so I'd just use it to help understand likely
|      system configuration rather than best practice -- for instance, don't use
|      pkcs#11 for ssh keys anymore pls :)

Related output when using `modutil -list -dbdir sql:$HOME/.pki/nssdb`
I'm seeing a slightly different configuration (hurmm, odd):

```
  2. OpenSC smartcard framework (0.22)
        library name: /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
           uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.23
         slots: 1 slot attached
        status: loaded

         slot:
        token:
          uri: pkcs11:
```

dpkg output from the packages I know about off the top of my head that
would be involved that aren't in the last report:

```
ii  opensc               0.23.0-1   amd64  Smart card utilities with support for PKCS#15 compatible cards
ii  opensc-pkcs11:amd64  0.23.0-1   amd64  Smart card utilities (PKCS#11 module)
ii  libnss3:amd64        2:3.92-1   amd64  Network Security Service libraries
ii  libnss3-dev:amd64    2:3.92-1   amd64  Development files for the Network Security Service libraries
ii  libnss3-tools        2:3.92-1   amd64  Network Security Service tools
ii  libykpiv-dev:amd64   2.2.0-1.1  amd64  Development files for the YubiKey PIV Library
ii  libykpiv2:amd64      2.2.0-1.1  amd64  Library for communication with the YubiKey PIV smartcard
ii  pcscd                2.0.0-1    amd64  Middleware to access a smart card using PC/SC (daemon side)
ii  libccid              1.5.2-1    amd64  PC/SC driver for USB CCID smart card readers
```

-- 
:wq
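The mismatch described in the message above (notes say `opensc-pkcs11.so`, the NSS database has `onepin-opensc-pkcs11.so`) can be checked mechanically. The following is an added example, not part of the original message: the function names are hypothetical, and the sample text is constructed from the `modutil -list` excerpt in the message plus a constructed built-in module entry with no `library name:` line.

```shell
#!/bin/sh
# Constructed sample of `modutil -list` output (not captured from a real system).
SAMPLE_MODUTIL_LIST='Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

  2. OpenSC smartcard framework (0.22)
        library name: /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
         slots: 1 slot attached
        status: loaded
'

# Read `modutil -list` output on stdin and print "module name<TAB>library path"
# for every module that is backed by an external shared library.
list_pkcs11_libs() {
    awk '
        /^[ \t]*[0-9]+\.[ \t]/ {            # "  2. <module name>"
            name = $0
            sub(/^[ \t]*[0-9]+\.[ \t]+/, "", name)
            sub(/[ \t]+$/, "", name)
            next
        }
        /^[ \t]*library name:/ {            # path of the loaded PKCS#11 library
            lib = $0
            sub(/^[ \t]*library name:[ \t]*/, "", lib)
            sub(/[ \t]+$/, "", lib)
            printf "%s\t%s\n", name, lib
        }
    '
}

# Return 0 if the library path given as $1 is registered in the listing on
# stdin; otherwise report what is registered instead and return 1.
check_expected_lib() {
    expected=$1
    libs=$(list_pkcs11_libs)
    if printf '%s\n' "$libs" | cut -f2 | grep -Fxq -- "$expected"; then
        return 0
    fi
    printf 'expected %s, registered modules:\n%s\n' "$expected" "$libs" >&2
    return 1
}

# Demo on the constructed sample. Against a live database, pipe in:
#   modutil -list -dbdir sql:$HOME/.pki/nssdb
printf '%s\n' "$SAMPLE_MODUTIL_LIST" | list_pkcs11_libs
```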