using OpenPGP card as an X.509 CA?

Daniel Pocock daniel at
Tue Jun 25 17:32:22 CEST 2013

On 25/06/13 15:28, Werner Koch wrote:
> On Tue, 25 Jun 2013 12:43, daniel at said:
>> I understand the OpenPGP card can hold one X.509 certificate
> Actually the card does not hold any certifciate but merely the keys and
> OpenPGP fingerprints of the certificates.  You can very well use such a
> key to create an X.509 certifciate:
>   $ gpgsm --gen-key
>   gpgsm: It is only intended for test purposes and should NOT be
>   gpgsm: used in a production environment or with production keys!
>   Please select what kind of key you want:
>      (1) RSA

Should this option work without a smart card, e.g. creating a key in the
local home directory?

When I run it, it takes me through the questions, asks me to confirm the
cert details and then fails with

gpgsm: line 1: key generation failed: Unsupported certificate
<Unspecified source>

>      (2) Existing key
>      (3) Existing key from card
>   Your selection? 3
>   Serial number of the card: D2760001240102000005000001230000
>   Available keys:
>      (1) C003409A7489993713D22A10DD0604853FEE33F8 OPENPGP.1
>      (2) C91C9AA0731D82B3B3191EA68478EAD4B5069EE8 OPENPGP.2
>      (3) EC9663F3E82CEAC9734212CF13AAAA1A63B0F7DC OPENPGP.3
>   Your selection? 
>> Can this be used in practice to run an in-house CA to sign other X.509
>> certificates, e.g. for small VPN setups?
> There is no software to manage a CA but you can do it manually with gpgsm.

I found the command "--sign" in the man page, but there is no example. 
Should "--sign" take a CSR as input and generate a cert as output and
could you provide an example?  Or is some intermediate processing needed
to convert the CSR into something the gpgsm can sign?

>> Also, can the X.509 cert on the OpenPGP card be used with StrongSwan (as
>> a client or server cert for VPN)?
> Depends on what interface is supported.  If it uses pkcs#11 you may want
> to checkout Scute.

strongSwan reportedly works with PKCS#11 / OpenSC, it's hard for me to
understand if Scute will work but I don't mind trying it.

I notice the Scute "Features and Limitations" page says it only works
with 36 byte signatures for MD5 and SHA1 hashes.  Many people have now
moved to SHA2 or stronger hashes

More information about the Gnupg-users mailing list