using an OpenPGP card with Java (keytool and jarsigner)
seanl at literati.org
Fri Jan 17 18:37:52 CET 2014
Scute accesses the card via either scdaemon or gpg-agent (I can't remember
which and I'm on my phone), so you don't need to release the card and
reenter your PIN to switch back and forth between PKCS#11 and gpg/gpgsm.
However, it's a minimal implementation of the parts of the API necessary
for X.509 auth in Firefox, so I have no idea what else it might work for in
its present state. I plan to try it with OpenVPN pretty soon.
On Jan 17, 2014 7:44 AM, "Hans-Christoph Steiner" <hans at guardianproject.info>
> On 01/17/2014 03:05 AM, Werner Koch wrote:
> > On Fri, 17 Jan 2014 02:24, seanl at literati.org said:
> >> Scute works great with Firefox, but keep in mind it requires gpg-agent
> > Sure. That is the whole point of the exercise.
> >> at least scdaemon). AFAIK it's not intended to work with anything other
> >> than Firefox right now. I've been meaning to try it out with
> > Well, it has not been tested with anything else. However, it implements
> > the pkcs#11 interface properly for signature keys and Marcus even came
> > up with a free and readable implementation of the pkcs11 header file.
> >> The code seems fairly straightforward and it comes with documentation
> >> spying on the PKCS#11 calls to help troubleshoot the implementation, so
> >> even if it doesn't work it may not require too much hacking to make it
> > Right. I would love to see a new maintainer for it. If there are any
> > GnuPG related problems I will for sure help with it.
> How does scute's PKCS#11 support differ from OpenSC's? If the OpenPGP
> card is
> supported by opensc, is that providing the same thing as scute? I already
> have Java's keytool talking to the OpenPGP card via OpenSC, I just can't
> it to sign something yet.
> PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users