using an OpenPGP card with Java (keytool and jarsigner)
Hans-Christoph Steiner
hans at guardianproject.info
Tue Jan 7 15:32:45 CET 2014
NdK wrote:
> Il 07/01/2014 04:01, Hans-Christoph Steiner ha scritto:
>
>> Does anyone know if there is any chance of using an OpenPGP smart card for
>> Java? I know that GnuPG doesn't support PKCS#11, but I was wondering if
>> things work the otherway around: java using the OpenPGP card. It would be
>> super useful to be able to use the same smartcard for both Android APK signing
>> and OpenPGP signing.
> IIRC there is an OpenSC "driver" for OpenPGP cards, that makes 'em
> accessible throught PKCS#11.
>
> https://www.mail-archive.com/opensc-devel@lists.opensc-project.org/msg06206.html
>
> Seems it's quite old... Maybe if you want to take over developement...
>
> BYtE,
> Diego.
opensc's support for the OpenPGP card has improved quite a bit in 0.13, it
seems. There is now full write support and a specific 'openpgp-tool' even:
https://www.opensc-project.org/opensc/wiki/OpenPGP
I don't need write support at all, I just want to get keytool to use the
OpenPGP card as a PKCS11 keystore. It seems that things are close: Java can
use NSS as a provider of PKCS11. I guess the question is whether opensc is
making a PKCS#11 interface to the OpenPGP card, that's the bit that I don't
fully understand.
Once I figure this out, my plan is to integrate my work into the relevant
Debian packages, and then promote the use of the OpenPGP card for Android APK
signing keys.
.hc
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
More information about the Gnupg-users
mailing list