X509 CSR signed with card key
dgouttegattat at incenp.org
Mon Feb 23 01:44:22 CET 2015
On 02/23/2015 12:33 AM, Dubravszky József wrote:
> Is there any way to create an X509 CSR signed with the private key stored on
> the card?
Yes, you can use the gpgsm(1) tool for that.
Make sure your card is in the card reader, then:
$ gpgsm --armor --output mycsr.pem --gen-key
You’ll be prompted to select what kind of key you want, choose “Existing
key from card” (make sure your card is in the reader). Then select which
of the card keys you want to use (the signing key, the encryption key,
or the authentication key) and the intended use of the future certificate.
At the end of the procedure, you’ll be prompted for your PIN in order to
sign the CSR.
The documentation of Scute  has a complete example (it uses
gpgsm-gencert.sh, a deprecated helper script, instead of the above
command, but the procedure is almost the same).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users