[git] Scute - branch, master, updated. scute-1.3.0-64-g94eeb2d

by Damien Goutte-Gattat cvs at cvs.gnupg.org
Mon Aug 8 11:36:46 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PKCS#11 token on top of gpg-agent".

The branch, master has been updated
       via  94eeb2d580f67bd56ba711e055d9ea2ea089ec89 (commit)
       via  b9b8319083b78168e69757fde020cb7d0b1f21e9 (commit)
       via  0050056965eff7d3740680f49517f57851d51f38 (commit)
       via  b04c929fcef090e0e9788a8434f3401d271a1823 (commit)
       via  f0e91f6aeb5b8e38cfc46eeb306059136584d214 (commit)
      from  bc6c9e746432f4005aef359a620660a9d35df791 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 94eeb2d580f67bd56ba711e055d9ea2ea089ec89
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Fri Aug 5 22:45:09 2016 +0200

    doc: Update list of not implemented functions.
    
    * README: Update list of not implemented functions.
    * doc/manual/scute.texi: Likewise.
    * TODO: Remove C_GenerateRandom from the TODO list.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/README b/README
index acc9904..7064b29 100644
--- a/README
+++ b/README
@@ -317,9 +317,6 @@ The following functions are not supported:
   C_VerifyRecoverInit, C_VerifyRec: Not supported.  Only secret key
   operations are supported.
 
-* C_SignInit, C_Sign: Currently, only signing 36 bytes
-  (MD5+SHA1) hashes is supported (used for client authentication).
-
 * C_DecryptInit, C_Decrypt: Not yet supported, but will be in the
   future.
 
@@ -337,8 +334,7 @@ The following functions are not supported:
   the tools accompanying the GnuPG software suite to generate and
   import keys for use with the token.
 
-* C_SeedRandom, C_GenerateRandom: Not supported at this point.
-  C_GenerateRandom may be supported in the future, though.
+* C_SeedRandom: Not supported.
 
 * C_CreateObject, C_CopyObject, C_DestroyObject, C_SetAttributeValue:
   Only read-only operations are supported on objects.
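Review bot: with C_GenerateRandom dropped from the C_SeedRandom entry, the README no longer mentions it at all, so a reader cannot tell where its random bytes come from. Callers may use them for nonces or key material, so consider adding one line that states the source of randomness instead of only deleting the function from the unsupported list.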
diff --git a/TODO b/TODO
index 75ef5fd..6f49130 100644
--- a/TODO
+++ b/TODO
@@ -13,7 +13,6 @@
 ** Windows: Find thread-safe replacement for localtime_r and timegm.
 
 * Missing features:
-** Implement random number generation function C_GenerateRandom.
 ** Add canonical gnupg logging module.
 ** Mozilla ignores the CKA_TRUSTED attribute to certificates, so
    exporting the information from GPGSM (ISTRUSTED) will not be
diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi
index 0d16742..7199edf 100644
--- a/doc/manual/scute.texi
+++ b/doc/manual/scute.texi
@@ -710,11 +710,6 @@ Passphrase queries are implemented by the use of GPG Agent and Pinentry.
 @itemx C_VerifyRec
 Not supported.  Only secret key operations are supported.
 
- at item C_SignInit
- at itemx C_Sign
-Currently, only signing 36 bytes (MD5+SHA1) hashes is supported (used
-for client authentication).
-
 @item C_DecryptInit
 @itemx C_Decrypt
 Not yet supported, but will be in the future.
@@ -745,9 +740,7 @@ accompanying the GnuPG software suite to generate and import keys for
 use with the token.
 
 @item C_SeedRandom
- at itemx C_GenerateRandom
-Not supported at this point.  @code{C_GenerateRandom} may be supported
-in the future, though.
+Not supported.
 
 @item C_CreateObject
 @itemx C_CopyObject

commit b9b8319083b78168e69757fde020cb7d0b1f21e9
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Fri Aug 5 22:45:08 2016 +0200

    doc: Scute can be used to sign documents.
    
    * doc/manual/scute.texi: Explain how to use Scute with LibreOffice.
    * doc/manual/libreoffice-certificate-selection.png: New image.
    * doc/manual/libreoffice-digital-signatures.png: New image.
    * doc/manual/libreoffice-pdf-signature.png: New image.
    * doc/manual/Makefile.am: Include the new images.
    * README: Mention that Scute can work with LibreOffice.
    * doc/website/index.xhtml: Likewise.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/README b/README
index 3e43aba..acc9904 100644
--- a/README
+++ b/README
@@ -26,7 +26,8 @@ authentication with SSL in Mozilla.  See below for more details on how
 to get this working.
 
 Scute also allows you to sign emails with Thunderbird, using the
-S/MIME protocol.
+S/MIME protocol, and to sign OpenDocument and PDF files with
+LibreOffice.
 
 
 Prerequisites
diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am
index 14034e8..499e750 100644
--- a/doc/manual/Makefile.am
+++ b/doc/manual/Makefile.am
@@ -35,7 +35,9 @@ images = firefox-cm.png firefox-cm-view-detail.png firefox-cm-view.png \
 	firefox-dm-load-after.png firefox-dm-load-before.png \
 	firefox-dm-load.png firefox-dm-token-present.png firefox-pref.png \
 	firefox-pref-view.png firefox-bad-pin.png \
-	thunderbird-account-settings.png thunderbird-smime-button.png
+	thunderbird-account-settings.png thunderbird-smime-button.png \
+	libreoffice-certificate-selection.png \
+	libreoffice-digital-signatures.png libreoffice-pdf-signature.png
 
 images_eps = $(images:.png=.eps)
 
diff --git a/doc/manual/libreoffice-certificate-selection.png b/doc/manual/libreoffice-certificate-selection.png
new file mode 100644
index 0000000..ca94f37
Binary files /dev/null and b/doc/manual/libreoffice-certificate-selection.png differ
diff --git a/doc/manual/libreoffice-digital-signatures.png b/doc/manual/libreoffice-digital-signatures.png
new file mode 100644
index 0000000..9a84d6c
Binary files /dev/null and b/doc/manual/libreoffice-digital-signatures.png differ
diff --git a/doc/manual/libreoffice-pdf-signature.png b/doc/manual/libreoffice-pdf-signature.png
new file mode 100644
index 0000000..ab5cc35
Binary files /dev/null and b/doc/manual/libreoffice-pdf-signature.png differ
diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi
index d7205db..0d16742 100644
--- a/doc/manual/scute.texi
+++ b/doc/manual/scute.texi
@@ -83,6 +83,7 @@ module.
 * Preparation::                   What you should do before using Scute.
 * Client Authentication::         How to use Scute for client authentication.
 * Email Signing::                 How to use Scute for S/MIME email signing.
+* Document Signing::              How to use Scute with LibreOffice.
 * Troubleshooting::               What to do when things go wrong.
 * Internals::                     Technical details about Scute.
 
@@ -118,6 +119,8 @@ Client Authentication
 
 Email Signing
 
+Document Signing
+
 Troubleshooting
 
 Internals
@@ -210,8 +213,8 @@ application and GnuPG 2.0.
 
 Currently supported usages are client authentication over HTTPS with
 Firefox (allowing users to authenticate themselves to a remote web
-service without entering their log-in information), and email signing
-with Thunderbird.
+service without entering their log-in information), email signing
+with Thunderbird, and document signing with LibreOffice.
 
 
 @node Preparation
@@ -574,6 +577,37 @@ will be prompted for your User PIN before the message is sent.
 @center @image{thunderbird-smime-button,13cm}
 
 
+ at node Document Signing
+ at chapter Document Signing
+
+Scute can also be used with LibreOffice to sign OpenDocument files.
+
+First, you must load the Scute module into Mozilla Firefox according to
+the above procedure.  Then, configure LibreOffice to use Firefox's
+certificate store by defining the @code{MOZILLA_CERTIFICATE_FOLDER}
+environment variable to your Firefox profile directory.
+
+Then, to sign the document you are editing, select the
+ at code{File->Digital Signatures...} menu option to open the
+ at code{Digital Signatures} dialog.
+
+ at center @image{libreoffice-digital-signatures,13cm}
+
+Click the @code{Sign Document} button to open the certificate selection
+dialog.  Select your card-based certificate, then validate.  Enter your
+User PIN when prompted by GPG Agent.
+
+ at center @image{libreoffice-certificate-selection,13cm}
+
+You may also sign a PDF export of your document.  Select the
+ at code{File->Export as PDF...} menu option to open the @code{PDF Options}
+dialog.  In the @code{Digital Signatures} tab, use the @code{Select}
+button to open the certificate selection dialog as above.  You will be
+prompted for your User PIN when you will click the @code{Export} button.
+
+ at center @image{libreoffice-pdf-signature,13cm}
+
+
 @node Troubleshooting
 @chapter Troubleshooting
 
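Review bot: the first step of the new chapter tells the reader to set MOZILLA_CERTIFICATE_FOLDER to the Firefox profile directory but gives no example of the value or of where to set it so that LibreOffice sees it; a short @example would help. Two wording points in the same hunk: "when you will click the @code{Export} button" should read "when you click", and "then validate" should name the button to press. The opening sentence mentions only OpenDocument files although the chapter also covers PDF export.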
diff --git a/doc/website/index.xhtml b/doc/website/index.xhtml
index bd60464..cd182a7 100644
--- a/doc/website/index.xhtml
+++ b/doc/website/index.xhtml
@@ -67,8 +67,8 @@
 	<p>
 	  Currently, supported usages are <a
 	  href="http://en.wikipedia.org/wiki/Https">HTTPS</a> client
-          authentication and S/MIME email signing using X.509
-          certificates.
+          authentication, S/MIME email signing, and document signing with
+          <a href="http://www.libreoffice.org/">LibreOffice</a>.
 	</p>
 	<p>
 	  You can <a href="documentation.xhtml">read the

commit 0050056965eff7d3740680f49517f57851d51f38
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Fri Aug 5 22:45:07 2016 +0200

    doc: Scute can now be used to sign emails.
    
    * doc/manual/scute.texi: Explain how to use Scute for email signing.
    * doc/manual/thunderbird-account-settings.png: New image.
    * doc/manual/thunderbird-smime-button.png: New image.
    * doc/manual/Makefile.am: Include the two above files.
    * doc/website/index.xhtml: Mention the email signing capability.
    * README: Likewise.
    --
    
    Since commit e22c8cf, which added support for generic hash functions
    in addition to the TLS-specific 'tls-md5sha1', Scute is no longer
    limited to TLS client authentication.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/README b/README
index 43a6212..3e43aba 100644
--- a/README
+++ b/README
@@ -25,9 +25,8 @@ Scute enables you to use your OpenPGP smart card for client
 authentication with SSL in Mozilla.  See below for more details on how
 to get this working.
 
-In the future, Scute will enable you to use your OpenPGP smart card
-for email decryption and signing with Thunderbird, using the X.509
-protocol.
+Scute also allows you to sign emails with Thunderbird, using the
+S/MIME protocol.
 
 
 Prerequisites
diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am
index 62431d7..14034e8 100644
--- a/doc/manual/Makefile.am
+++ b/doc/manual/Makefile.am
@@ -34,7 +34,8 @@ DISTCLEANFILES = scute.tmp
 images = firefox-cm.png firefox-cm-view-detail.png firefox-cm-view.png \
 	firefox-dm-load-after.png firefox-dm-load-before.png \
 	firefox-dm-load.png firefox-dm-token-present.png firefox-pref.png \
-	firefox-pref-view.png firefox-bad-pin.png
+	firefox-pref-view.png firefox-bad-pin.png \
+	thunderbird-account-settings.png thunderbird-smime-button.png
 
 images_eps = $(images:.png=.eps)
 
diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi
index 749b4c4..d7205db 100644
--- a/doc/manual/scute.texi
+++ b/doc/manual/scute.texi
@@ -82,6 +82,7 @@ module.
 * Introduction::                  How to use this manual.
 * Preparation::                   What you should do before using Scute.
 * Client Authentication::         How to use Scute for client authentication.
+* Email Signing::                 How to use Scute for S/MIME email signing.
 * Troubleshooting::               What to do when things go wrong.
 * Internals::                     Technical details about Scute.
 
@@ -115,6 +116,8 @@ Client Authentication
 * Application Configuration::     Preparing the application for use with Scute.
 * Authentication With Service::   Using Scute for client authentication.
 
+Email Signing
+
 Troubleshooting
 
 Internals
@@ -178,7 +181,7 @@ Anybody can use, modify, and redistribute it under the terms of the GNU
 General Public License (@pxref{Copying}).
 
 @item it's built to grow
-Although Scute currently only provides a single function, client
+Although Scute initially provided a single function, client
 authentication using OpenPGP smart cards in Mozilla-based web browsers,
 it was built with the intention of supporting other applications as well
 in the future.
@@ -205,10 +208,10 @@ Instead, it uses the GnuPG 2.0 framework to access the smart cards and
 associated data like certificates.  Scute acts as the glue between the
 application and GnuPG 2.0.
 
-Currently, only client authentication over HTTPS with Firefox using the
-OpenPGP card is supported.  In this configuration, Scute allows users to
-authenticate themselves to a remote web service without entering their
-log-in information.
+Currently supported usages are client authentication over HTTPS with
+Firefox (allowing users to authenticate themselves to a remote web
+service without entering their log-in information), and email signing
+with Thunderbird.
 
 
 @node Preparation
@@ -545,6 +548,32 @@ the @code{Try Again} button does not work as expected:
 @comment FIXME: Document possible error codes.
 
 
+ at node Email Signing
+ at chapter Email Signing
+
+Scute also allows you to use your card-based X.509 certificate to sign
+your emails with the S/MIME signature format.  This has been tested
+with Mozilla Thunderbird only, but should work with any mail client
+with support for PKCS #11 (notably GNOME Evolution).
+
+You must first load the Scute module into your mail client.  With
+Mozilla Thunderbird, the procedure is the same as the one described
+above for Mozilla Firefox.
+
+Then, open your accent configuration dialog (@code{Edit->Account
+Settings}), and in the @code{Security} tab, under the section
+ at code{Digital Signing}, use the @code{Select...} button to associate
+your card-based certificate with your account.
+
+ at center @image{thunderbird-account-settings,13cm}
+
+When writing a new message, you may then use the @code{S/MIME} button
+and select @code{Digitally sign this message} in the popup menu.  You
+will be prompted for your User PIN before the message is sent.
+
+ at center @image{thunderbird-smime-button,13cm}
+
+
 @node Troubleshooting
 @chapter Troubleshooting
 
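Review bot: typo in the third paragraph of the new chapter, "open your accent configuration dialog" should be "account configuration dialog". Also, the first paragraph names GNOME Evolution right after saying that only Thunderbird was tested; consider marking it explicitly as untested so readers do not take it as a confirmed configuration.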
diff --git a/doc/manual/thunderbird-account-settings.png b/doc/manual/thunderbird-account-settings.png
new file mode 100644
index 0000000..a1caa4e
Binary files /dev/null and b/doc/manual/thunderbird-account-settings.png differ
diff --git a/doc/manual/thunderbird-smime-button.png b/doc/manual/thunderbird-smime-button.png
new file mode 100644
index 0000000..5492b08
Binary files /dev/null and b/doc/manual/thunderbird-smime-button.png differ
diff --git a/doc/website/index.xhtml b/doc/website/index.xhtml
index 78f8d82..bd60464 100644
--- a/doc/website/index.xhtml
+++ b/doc/website/index.xhtml
@@ -65,12 +65,10 @@
 	  that makes use the NSS library.
 	</p>
 	<p>
-	  Currently, only <a
+	  Currently, supported usages are <a
 	  href="http://en.wikipedia.org/wiki/Https">HTTPS</a> client
-	  authentication is supported.  In the future, Scute will also
-	  allow you to use your OpenPGP Card with <a
-	  href="http://www.mozilla.com/">Thunderbird</a> for signing and
-	  decrypting e-mails using X.509 certificates.
+          authentication and S/MIME email signing using X.509
+          certificates.
 	</p>
 	<p>
 	  You can <a href="documentation.xhtml">read the
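Review bot: the two added lines are indented with spaces while the rest of the paragraph uses a tab followed by two spaces; please match the surrounding indentation. While touching this block, "Currently, supported usages are" reads better without the comma, and the context line "that makes use the NSS library" is missing "of".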

commit b04c929fcef090e0e9788a8434f3401d271a1823
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Fri Aug 5 22:45:06 2016 +0200

    doc: Remove obsolete info about Mozilla PSM.
    
    * README: Remove obsolete instruction about the Mozilla Personal
    Security Manager.
    --
    
    Mozilla no longer ships the Personal Security Manager as a
    separate package; it is now built directly with Firefox.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/README b/README
index e4dc01e..43a6212 100644
--- a/README
+++ b/README
@@ -47,10 +47,7 @@ Installation
 ============
 
 To install the PKCS #11 Module, follow the generic installation
-instructions in the file INSTALL that accompanies this software.  You
-also need to install the Mozilla Personal Security Manager (PSM),
-which may come with your GNU/Linux distribution in a package named
-mozilla-psm or similar.
+instructions in the file INSTALL that accompanies this software.
 
 After installation, you can configure Mozilla to use Scute by
 visiting the preferences dialog in the "advanced" category, under

commit f0e91f6aeb5b8e38cfc46eeb306059136584d214
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Fri Aug 5 22:45:05 2016 +0200

    doc: Scute can automatically start the agent.
    
    * README: Remove paragraph about the need to have an agent up and
    running and the GPG_AGENT_INFO variable set.
    * doc/manual/scute.texi: Likewise.
    --
    
    Like all other components of GnuPG, Scute does not need the
    GPG_AGENT_INFO variable anymore, and can start the agent on
    demand.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/README b/README
index 5483062..e4dc01e 100644
--- a/README
+++ b/README
@@ -57,11 +57,6 @@ visiting the preferences dialog in the "advanced" category, under
 "Security Devices".  There you can "load" the module from its
 installed path, e.g. "/usr/lib/libscute.so".
 
-Note that for the module load to complete successfully, the GPG Agent
-must be running and available.  On Unix systems this means that
-Mozilla needs to have the GPG_AGENT_INFO variable set correctly in its
-environment.
-
 
 Client Authentication
 =====================
diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi
index 35e0af2..749b4c4 100644
--- a/doc/manual/scute.texi
+++ b/doc/manual/scute.texi
@@ -258,14 +258,6 @@ configured:
 Scute uses the GnuPG 2.0 framework to access the OpenPGP card and for
 certificate management.  The minimum version required is 2.0.0.
 
- at strong{Caution:} A functional installation of GnuPG 2.0 requires a
-running GPG Agent process, which must be advertised to the applications
-via the @code{GPG_AGENT_INFO} environment variable.  Please make sure
-that you fulfill this requirement before using Scute in an application,
-running the Scute test suite, or preparing certificates as described in
- at ref{Certificate Preparation}.  @xref{Invoking GPG-AGENT, , , gnupg,
-Using the GNU Privacy Guard}, for details on how to run the GPG Agent.
-
 @item Pinentry
 Pinentry is a dependency of GnuPG 2.0, so it also needs to be installed
 with it.
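Review bot: the removed caution was the only place in this item that explained how applications find the agent, and the retained text still gives 2.0.0 as the minimum GnuPG version. Please confirm that on-demand agent start works with that minimum, or raise it in the same change. A one-line replacement saying that Scute starts the agent when needed would serve readers better than removing the paragraph outright.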

-----------------------------------------------------------------------

Summary of changes:
 README                                           |  22 ++----
 TODO                                             |   1 -
 doc/manual/Makefile.am                           |   5 +-
 doc/manual/libreoffice-certificate-selection.png | Bin 0 -> 5267 bytes
 doc/manual/libreoffice-digital-signatures.png    | Bin 0 -> 4998 bytes
 doc/manual/libreoffice-pdf-signature.png         | Bin 0 -> 8607 bytes
 doc/manual/scute.texi                            |  90 +++++++++++++++++------
 doc/manual/thunderbird-account-settings.png      | Bin 0 -> 20010 bytes
 doc/manual/thunderbird-smime-button.png          | Bin 0 -> 7197 bytes
 doc/website/index.xhtml                          |   8 +-
 10 files changed, 81 insertions(+), 45 deletions(-)
 create mode 100644 doc/manual/libreoffice-certificate-selection.png
 create mode 100644 doc/manual/libreoffice-digital-signatures.png
 create mode 100644 doc/manual/libreoffice-pdf-signature.png
 create mode 100644 doc/manual/thunderbird-account-settings.png
 create mode 100644 doc/manual/thunderbird-smime-button.png


hooks/post-receive
-- 
PKCS#11 token on top of gpg-agent
http://git.gnupg.org



