domingo, 3 de mayo de 2026

Ubuntu 24.Ver información de los certificados nss, p12 y pkcs11

1. nss 

Ver los alias de los certificados p12 guardados en nss

certutil -L -d sql:$HOME/.pki/nssdb

Y muestra

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

EPN1                                                         u,u,u
ACCVCA-120 - ACCV                                            ,,   
Ximet Dante - YO MISMO                                       u,u,u
SocketAutoFirma                                              CT,C,C
FIRMA                                                        u,u,u
ACCV ROOT RSA EIDAS 2023 - ISTEC                             ,,   
ACCV RSA1 PROFESIONALES - ISTEC                              ,,   
ACCV RSA1 CLIENTE - ISTEC                                    ,,

Ver los alias de los certificados pkcs11 guardados en nss

modutil -list -dbdir sql:$HOME/.pki/nssdb

Y muestra

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
	   uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.98
	 slots: 2 slots attached
	status: loaded

	 slot: NSS Internal Cryptographic Services
	token: NSS Generic Crypto Services
	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

	 slot: NSS User Private Key and Certificate Services
	token: NSS Certificate DB
	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

  2. DNIe
	library name: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
	   uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.22
	 slots: 1 slot attached
	status: loaded

	 slot: bit4id miniLector-EVO 00 00
	token: DNI electrónico (PIN1)
	  uri: pkcs11:token=DNI%20electr%C3%B3nico%20(PIN1);manufacturer=DGP-FNMT;serial=020338240b552f;model=PKCS%2315%20emulated
-----------------------------------------------------------

También se puede utilizar el comando p11tool (previa instacion con sudo apt install gnutls-bin

p11tool --list-tokens

Y muestra

Token 0:
	URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
	Label: System Trust
	Type: Trust module
	Flags: uPIN uninitialized
	Manufacturer: PKCS#11 Kit
	Model: p11-kit-trust
	Serial: 1
	Module: p11-kit-trust.so


Token 1:
	URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=DGP-FNMT;serial=020338240b552f;token=DNI%20electr%C3%B3nico%20%28PIN1%29
	Label: DNI electrónico (PIN1)
	Type: Hardware token
	Flags: RNG, Requires login
	Manufacturer: DGP-FNMT
	Model: PKCS#15 emulated
	Serial: 020338240b552f
	Module: opensc-pkcs11.so

T


2. Firefox 

Firefox puede tener vaios perfiles, por tanto debemos averiguar primero el perfil antes de listar los certificados:

cat ~/.mozilla/firefox/profiles.ini

Y devuelve (el marcado en azul es el correcto)

[Install4F96D1932A9F858E]
Default=tiorqkz7.default-release-1695576053842
Locked=1

[Profile1]
Name=default
IsRelative=1
Path=iyig11y7.default
Default=1

[Profile0]
Name=default-release
IsRelative=1
Path=tiorqkz7.default-release-1695576053842

[General]
StartWithLastProfile=1
Version=2

Ver los alias de los certificados guardados en firefox en ese perfil (nss)

certutil -L -d sql:$HOME/.mozilla/firefox/tiorqkz7.default-release-1695576053842

Y muestra

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ACCVCA-120 - ACCV                                            ,,   
EPN1                                                         u,u,u
SocketAutoFirma                                              C,,


Y para ver los certificados pkcs11 que ve mozilla:

modutil -list -dbdir sql:$HOME/.mozilla/firefox/tiorqkz7.default-release-1695576053842

Y muestra

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
	   uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.98
	 slots: 2 slots attached
	status: loaded

	 slot: NSS Internal Cryptographic Services
	token: NSS Generic Crypto Services
	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

	 slot: NSS User Private Key and Certificate Services
	token: NSS Certificate DB
	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

  2. Nuevo módulo PKCS#11
	library name: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
	   uri: pkcs11:library-manufacturer=OpenSC%20Project;library-description=OpenSC%20smartcard%20framework;library-version=0.22
	 slots: 1 slot attached
	status: loaded

	 slot: bit4id miniLector-EVO 00 00
	token: DNI electrónico (PIN1)
	  uri: pkcs11:token=DNI%20electr%C3%B3nico%20(PIN1);manufacturer=DGP-FNMT;serial=020338240b552f;model=PKCS%2315%20emulated
-----------------------------------------------------------





Publicado por en

No hay comentarios :

Publicar un comentario

Suscribirse a: Enviar comentarios ( Atom )