How do I import an X.509 Certificate onto an OpenPGP smartcard?

Grant Olson kgo at
Sun Feb 13 01:41:26 CET 2011

In both the product description for the OpenPGP V2.0 card and the spec
itself there is some discussion of a "Cardholder Certificate" Data
Object in the V2.0 cards.

I've got one of those free X.509 email certificates from Comodo, and was
attempting to upload it to the card.  I can import the .p12 file into
gpgsm, but then it resides in a file under .gnupg.

Firstly, can I actually import a certificate like this onto the card?
Or do I simply misunderstand the specs?

Secondly, is there a command somewhere in gpg/gpgsm/gpg* to do this, or
is it specified and implemented on the OpenPGP card only at this point
in time?

Thirdly, the SCUTE docs start by generating a certificate request from
your OpenPGP authentication key.  In this scenario, are you just using
the same RSA key for both your OpenPGP and X509 certificates?  Does the
certificate imported into gpgsm just contain the public key and the CA's
signature and somehow defer operations to the card?


"Look around! Can you construct some sort of rudimentary lathe?"


More information about the Gnupg-users mailing list