Patches gpg-agent + scute for ssl/tls auth using opengpg card with 2048 rsa key
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sat Sep 13 21:35:55 CEST 2014
On 09/13/2014 03:33 PM, Oliver Winker wrote:
> For the debug env, it's basically an apache ssl/tls setup with client auth.
Same here, but I also performed some tests with the tools provided with
GnuTLS and OpenSSL, which come in handy if you don't have a running web
server around.
For example, with GnuTLS:
$ gnutls-serv --http --port=8000 \
      --x509certfile=server-cert.pem --x509keyfile=server-key.pem \
      --require-client-cert --x509cafile=client-ca-cert.pem
And with OpenSSL:
$ openssl s_server -HTTP -accept 8000 \
      -cert server-cert.pem -key server-key.pem \
      -Verify 1 -CAfile client-ca-cert.pem
Both commands start a web server that will listen on localhost port 8000
and will expect a client to present a certificate signed by
`client-ca-cert.pem'.
Yet another option is to use Thunderbird: configure it to use Scute as a
Security Device the same way you do with Firefox, then send to yourself
a mail that you will attempt to sign (using S/MIME, *not* OpenPGP) with
your card-based certificate. That's even simpler than the above, since
you do not need to generate a server certificate at all.
Damien
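The gnutls-serv and openssl s_server commands above assume a server key pair and a client CA already exist. This added example (not from the original mail or from the GnuPG/Scute projects) builds that throw-away test PKI with the openssl CLI, using 2048-bit RSA keys; the file names match the commands above, and the software "client-key.pem"/"client-cert.pem" pair is an assumed stand-in for the card-based key so the server side can be checked before Scute is involved.

```shell
#!/bin/sh
# Assumes the openssl command-line tool is installed.
set -eu

# make_test_pki DIR: create the client CA, a self-signed server certificate and
# one CA-signed client certificate (all 2048-bit RSA) inside DIR.
make_test_pki() {
    mkdir -p "$1"
    (
        cd "$1"
        # CA that signs client certificates; the server trusts this file only.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=Test Client CA" \
            -keyout client-ca-key.pem -out client-ca-cert.pem 2>/dev/null
        # Self-signed server certificate; it does not need to chain to the CA.
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
            -subj "/CN=localhost" \
            -keyout server-key.pem -out server-cert.pem 2>/dev/null
        # Software client key + CSR, signed by the CA: the role the card's
        # certificate plays once Scute is configured.
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=test-client" \
            -keyout client-key.pem -out client.csr 2>/dev/null
        openssl x509 -req -in client.csr -sha256 -days 30 \
            -CA client-ca-cert.pem -CAkey client-ca-key.pem -CAcreateserial \
            -out client-cert.pem 2>/dev/null
    )
}

# client_accepted DIR CERT: print "ok" if DIR/CERT chains to client-ca-cert.pem,
# which is the check the server applies under --require-client-cert / -Verify;
# anything else (including a cert from an unrelated CA) prints "rejected".
client_accepted() {
    if openssl verify -no-CApath -CAfile "$1/client-ca-cert.pem" "$1/$2" \
            >/dev/null 2>&1; then
        echo ok
    else
        echo rejected
    fi
}
```

After `make_test_pki ./pki`, run either server command from that directory and connect with `openssl s_client -connect localhost:8000 -cert client-cert.pem -key client-key.pem` to confirm the server side before pointing a Scute-enabled browser at it.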